Redhat

Build Of Quarkus

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2023-6394

  • EPSS 0.29%
  • Published 09.12.2023 02:15:06
  • Last modified 21.11.2024 08:43:46

A flaw was found in Quarkus. This issue occurs when receiving a request over websocket with no role-based permission specified on the GraphQL operation, Quarkus processes the request without authentication despite the endpoint being secured. This can...

5.3

CVE-2023-6393

  • EPSS 0.15%
  • Published 06.12.2023 17:15:07
  • Last modified 21.11.2024 08:43:46

A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This...

7.5

CVE-2023-44487

Warning Media report Exploit
  • EPSS 94.44%
  • Published 10.10.2023 14:15:10
  • Last modified 11.06.2025 17:29:54

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

8.1

CVE-2023-4853

Exploit
  • EPSS 0.35%
  • Published 20.09.2023 10:15:14
  • Last modified 21.11.2024 08:36:06

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security ...

7.5

CVE-2023-1108

  • EPSS 2.56%
  • Published 14.09.2023 15:15:08
  • Last modified 21.11.2024 07:38:28

A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.

8.1

CVE-2023-2974

  • EPSS 0.42%
  • Published 04.07.2023 14:15:09
  • Last modified 21.11.2024 07:59:40

A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

6.5

CVE-2023-1664

  • EPSS 0.24%
  • Published 26.05.2023 18:15:09
  • Last modified 15.01.2025 22:15:25

A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak. Using this method an attacker may choose the certifi...

6.1

CVE-2023-0044

  • EPSS 0.11%
  • Published 23.02.2023 20:15:12
  • Last modified 21.11.2024 07:36:27

If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

7.5

CVE-2022-4492

  • EPSS 0.12%
  • Published 23.02.2023 20:15:12
  • Last modified 12.03.2025 15:15:38

The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and in http/2. I would add it to any TLS client protocol...

9.8

CVE-2022-4116

  • EPSS 23.21%
  • Published 22.11.2022 19:15:18
  • Last modified 29.04.2025 17:15:38

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.