Vulnerabilities > Quarkus > Quarkus > 1.7.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-05-26 | CVE-2020-25724 | Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in multiple products A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. | 4.0 |
| 2021-04-23 | CVE-2021-26291 | Origin Validation Error vulnerability in multiple products Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to some users, resulting in potential risk if a malicious actor takes over that repository or is able to insert themselves into a position to pretend to be that repository. | 9.1 |
| 2021-04-13 | CVE-2021-29428 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. | 4.4 |
| 2021-04-13 | CVE-2021-29427 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. | 6.0 |
| 2021-04-12 | CVE-2021-29429 | Insecure Temporary File vulnerability in multiple products In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to access information downloaded by Gradle. | 1.9 |
| 2021-03-30 | CVE-2021-21409 | HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
| 2021-03-26 | CVE-2021-20289 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. | 5.0 |
| 2021-03-09 | CVE-2021-21295 | HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |
| 2021-02-25 | CVE-2021-20328 | Improper Certificate Validation vulnerability in multiple products Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host name verification on the KMS server’s certificate. | 6.8 |
| 2021-02-18 | CVE-2020-28491 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. | 7.5 |