Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
7.5
2022-08-31 CVE-2022-2466 HTTP Request Smuggling vulnerability in Quarkus
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
network
low complexity
quarkus CWE-444
critical
 9.8
9.8
2022-03-23 CVE-2022-0981 Incorrect Authorization vulnerability in Quarkus
A flaw was found in Quarkus.
network
low complexity
quarkus CWE-863
8.8
8.8
2022-02-02 CVE-2022-21724 Improper Initialization vulnerability in multiple products
pgjdbc is the offical PostgreSQL JDBC Driver.
network
low complexity
postgresql fedoraproject quarkus debian CWE-665
critical
 9.8
9.8
2022-01-19 CVE-2022-21363 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
high complexity
oracle quarkus
6.6
6.6
2021-12-09 CVE-2021-43797 HTTP Request Smuggling vulnerability in multiple products
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian CWE-444
6.5
6.5
2021-10-20 CVE-2021-2471 Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J).
network
high complexity
oracle quarkus
5.9
5.9
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
7.5
2021-09-22 CVE-2021-38153 Information Exposure Through Discrepancy vulnerability in multiple products
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
network
high complexity
apache quarkus oracle CWE-203
5.9
5.9