Vulnerabilities > Quarkus > Quarkus > 0.21.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-25 | CVE-2023-6267 | Improper Handling of Exceptional Conditions vulnerability in Quarkus A flaw was found in the json payload. | 9.8 |
2023-12-09 | CVE-2023-6394 | Missing Authorization vulnerability in multiple products A flaw was found in Quarkus. | 9.1 |
2023-10-04 | CVE-2023-1584 | Unspecified vulnerability in Quarkus A flaw was found in Quarkus. | 7.5 |
2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
2023-02-24 | CVE-2023-0481 | Exposure of Resource to Wrong Sphere vulnerability in Quarkus In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | 3.3 |
2023-02-23 | CVE-2023-0044 | Cross-site Scripting vulnerability in multiple products If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. | 6.1 |
2022-11-22 | CVE-2022-4116 | A vulnerability was found in quarkus. | 9.8 |
2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus A flaw was found in Quarkus. | 8.8 |