Vulnerabilities > Quarkus

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-12-06 | CVE-2022-4147 | Unspecified vulnerability in Quarkus | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. | network | high | quarkus | | 7.5 |
| 2022-11-22 | CVE-2022-4116 | Code Injection vulnerability in multiple products | A vulnerability was found in quarkus. | network | low | redhat quarkus | CWE-94 | critical 9.8 |
| 2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products | In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | network | low | fasterxml quarkus debian netapp | CWE-502 | 7.5 |
| 2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products | In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | network | low | fasterxml quarkus debian netapp | CWE-502 | 7.5 |
| 2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus | A flaw was found in Quarkus. | network | low | quarkus | CWE-863 | 6.5 |
| 2022-02-02 | CVE-2022-21724 | Improper Initialization vulnerability in multiple products | pgjdbc is the official PostgreSQL JDBC Driver. | network | low | postgresql fedoraproject quarkus debian | CWE-665 | critical 9.8 |
| 2022-01-19 | CVE-2022-21363 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | | network | | oracle quarkus | | 6.0 |
| 2021-12-09 | CVE-2021-43797 | HTTP Request Smuggling vulnerability in multiple products | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | network | low | netty quarkus netapp oracle | CWE-444 | 6.5 |
| 2021-10-20 | CVE-2021-2471 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | | network | | oracle quarkus | | 7.9 |
| 2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | network | low | netty quarkus oracle netapp | CWE-400 | 7.5 |