Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2024-01-25 CVE-2023-6267 Improper Handling of Exceptional Conditions vulnerability in Quarkus
A flaw was found in the json payload.
network
low complexity
quarkus CWE-755
critical
9.8
2023-12-09 CVE-2023-6394 Missing Authorization vulnerability in multiple products
A flaw was found in Quarkus.
network
low complexity
quarkus redhat CWE-862
critical
9.1
2023-11-15 CVE-2023-5720 Unspecified vulnerability in Quarkus
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain.
network
low complexity
quarkus
7.5
2023-10-04 CVE-2023-1584 Unspecified vulnerability in Quarkus
A flaw was found in Quarkus.
network
low complexity
quarkus
7.5
2023-09-20 CVE-2023-4853 Incorrect Authorization vulnerability in multiple products
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions.
network
high complexity
quarkus redhat CWE-863
8.1
2023-02-24 CVE-2023-0481 Exposure of Resource to Wrong Sphere vulnerability in Quarkus
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
quarkus CWE-668
3.3
2023-02-23 CVE-2023-0044 Cross-site Scripting vulnerability in multiple products
If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure.
network
low complexity
quarkus redhat CWE-79
6.1
2022-12-06 CVE-2022-4147 Unspecified vulnerability in Quarkus
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed.
network
high complexity
quarkus
7.5
2022-11-22 CVE-2022-4116 A vulnerability was found in quarkus.
network
low complexity
redhat quarkus
critical
9.8
2022-10-02 CVE-2022-42003 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5