Vulnerabilities > Quarkus
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-06 | CVE-2022-4147 | Unspecified vulnerability in Quarkus Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. | 7.5 |
2022-11-22 | CVE-2022-4116 | Code Injection vulnerability in multiple products A vulnerability was found in quarkus. | 9.8 |
2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus A flaw was found in Quarkus. | 6.5 |
2022-02-02 | CVE-2022-21724 | Improper Initialization vulnerability in multiple products pgjdbc is the offical PostgreSQL JDBC Driver. | 9.8 |
2022-01-19 | CVE-2022-21363 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 6.0 |
2021-12-09 | CVE-2021-43797 | HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
2021-10-20 | CVE-2021-2471 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 7.9 |
2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 7.5 |