Vulnerabilities > Quarkus > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-15 | CVE-2023-5720 | Unspecified vulnerability in Quarkus A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. | 7.5 |
2023-10-04 | CVE-2023-1584 | Unspecified vulnerability in Quarkus A flaw was found in Quarkus. | 7.5 |
2023-09-20 | CVE-2023-4853 | Incorrect Authorization vulnerability in multiple products A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. | 8.1 |
2022-12-06 | CVE-2022-4147 | Unspecified vulnerability in Quarkus Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. | 7.5 |
2022-10-02 | CVE-2022-42003 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. | 7.5 |
2022-10-02 | CVE-2022-42004 | Deserialization of Untrusted Data vulnerability in multiple products In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. | 7.5 |
2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus A flaw was found in Quarkus. | 8.8 |
2021-10-19 | CVE-2021-37136 | Resource Exhaustion vulnerability in multiple products The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). | 7.5 |
2021-10-19 | CVE-2021-37137 | Resource Exhaustion vulnerability in multiple products The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. | 7.5 |
2021-08-18 | CVE-2021-37714 | jsoup is a Java library for working with HTML. | 7.5 |