Vulnerabilities > Quarkus > Quarkus > 2.15.3

DATE CVE VULNERABILITY TITLE RISK
2023-12-09 CVE-2023-6394 Missing Authorization vulnerability in multiple products
A flaw was found in Quarkus.
network
low complexity
quarkus redhat CWE-862
critical
 9.1
9.1
2023-09-20 CVE-2023-4853 Incorrect Authorization vulnerability in multiple products
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions.
network
high complexity
quarkus redhat CWE-863
8.1
8.1
2023-02-24 CVE-2023-0481 Exposure of Resource to Wrong Sphere vulnerability in Quarkus
In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
quarkus CWE-668
3.3
3.3