Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2022-10-02 CVE-2022-42004 Deserialization of Untrusted Data vulnerability in multiple products
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays.
network
low complexity
fasterxml quarkus debian netapp CWE-502
7.5
2022-08-31 CVE-2022-2466 HTTP Request Smuggling vulnerability in Quarkus
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
network
low complexity
quarkus CWE-444
critical
9.8
2022-03-23 CVE-2022-0981 Incorrect Authorization vulnerability in Quarkus
A flaw was found in Quarkus.
network
low complexity
quarkus CWE-863
8.8
2022-02-02 CVE-2022-21724 Improper Initialization vulnerability in multiple products
pgjdbc is the offical PostgreSQL JDBC Driver.
network
low complexity
postgresql fedoraproject quarkus debian CWE-665
critical
9.8
2021-12-09 CVE-2021-43797 Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
low complexity
netty quarkus netapp oracle debian
6.5
2021-10-19 CVE-2021-37136 Resource Exhaustion vulnerability in multiple products
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).
network
low complexity
netty quarkus oracle netapp debian CWE-400
7.5
2021-10-19 CVE-2021-37137 Resource Exhaustion vulnerability in multiple products
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage.
network
low complexity
netty oracle quarkus netapp debian CWE-400
7.5
2021-09-22 CVE-2021-38153 Information Exposure Through Discrepancy vulnerability in multiple products
Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful.
network
high complexity
apache quarkus oracle CWE-203
5.9
2021-08-18 CVE-2021-37714 jsoup is a Java library for working with HTML.
network
low complexity
jsoup quarkus oracle netapp
7.5
2021-08-05 CVE-2021-3642 A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where ScramServer may be susceptible to Timing Attack if enabled.
network
high complexity
redhat quarkus
5.3