9.8

CVE-2023-6267

Quarkus: json payload getting processed prior to security checks when rest resources are used with annotations.

A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
QuarkusQuarkus Version < 2.13.9
QuarkusQuarkus Version >= 3.0.0 < 3.2.9
QuarkusQuarkus Version2.13.9 Update-
QuarkusQuarkus Version3.2.9 Update-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.67% 0.711
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com 8.6 3.9 4.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.