Quarkus

47 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.

  • EPSS 0.03%
  • Published 06.05.2025 19:49:16
  • Last modified 31.07.2025 18:10:06

A vulnerability was found in Quarkus in the quarkus-security-webauthn module. The Quarkus WebAuthn module publishes default REST endpoints for registering and logging users in while allowing developers to provide custom REST endpoints. When developer...

  • EPSS 0.07%
  • Published 13.03.2024 10:15:08
  • Last modified 21.11.2024 08:51:43

A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.

  • EPSS 0.67%
  • Published 25.01.2024 19:15:08
  • Last modified 04.12.2024 08:15:05

A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This do...

  • EPSS 0.29%
  • Published 09.12.2023 02:15:06
  • Last modified 21.11.2024 08:43:46

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can...

  • EPSS 1.86%
  • Published 15.11.2023 14:15:07
  • Last modified 21.11.2024 08:42:21

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build s...

  • EPSS 0.29%
  • Published 04.10.2023 11:15:09
  • Last modified 21.11.2024 07:39:29

A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the acc...

Exploit
  • EPSS 0.35%
  • Published 20.09.2023 10:15:14
  • Last modified 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

  • EPSS 0.03%
  • Published 24.02.2023 18:15:14
  • Last modified 12.03.2025 16:15:18

In the RESTEasy Reactive implementation of Quarkus, the insecure File.createTempFile() is used in the FileBodyHandler class, which creates temp files with insecure permissions that could be read by a local user.

  • EPSS 0.11%
  • Published 23.02.2023 20:15:12
  • Last modified 21.11.2024 07:36:27

If the Quarkus Form Authentication session cookie Path attribute is set to `/`, then a cross-site attack may be initiated, which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

  • EPSS 0.26%
  • Published 06.12.2022 19:15:10
  • Last modified 14.04.2025 18:15:25

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload pro...