Vulnerabilities > Quarkus

DATE CVE VULNERABILITY TITLE RISK
2021-05-26 CVE-2021-28170 Expression Language Injection vulnerability in multiple products
In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid.
network
low complexity
eclipse quarkus oracle CWE-917
5.3
5.3
2021-05-26 CVE-2020-25724 A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided.
network
low complexity
redhat quarkus
4.3
4.3
2021-04-23 CVE-2021-26291 Origin Validation Error vulnerability in multiple products
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository.
network
low complexity
apache quarkus oracle CWE-346
critical
 9.1
9.1
2021-04-13 CVE-2021-29428 In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it.
local
low complexity
gradle quarkus
7.8
7.8
2021-04-13 CVE-2021-29427 In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning.
network
low complexity
gradle quarkus
7.2
7.2
2021-04-12 CVE-2021-29429 In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle.
local
low complexity
gradle quarkus
5.5
5.5
2021-03-30 CVE-2021-21409 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty debian netapp oracle quarkus
5.9
5.9
2021-03-26 CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final.
network
low complexity
redhat netapp quarkus oracle
5.3
5.3
2021-03-09 CVE-2021-21295 Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.
network
high complexity
netty netapp debian quarkus apache oracle
5.9
5.9
2021-02-25 CVE-2021-20328 Improper Certificate Validation vulnerability in multiple products
Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate.
high complexity
mongodb quarkus CWE-295
6.8
6.8