Vulnerabilities > Quarkus > High
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2021-04-13 | CVE-2021-29428 | | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. | local | low complexity | gradle, quarkus | | 7.8 |
| 2021-04-13 | CVE-2021-29427 | | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. | network | low complexity | gradle, quarkus | | 7.2 |
| 2021-02-18 | CVE-2020-28491 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products | This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. | network | low complexity | fasterxml, quarkus, oracle | CWE-770 | 7.5 |
| 2020-12-03 | CVE-2020-25649 | XXE vulnerability in multiple products | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. | network | low complexity | fasterxml, netapp, fedoraproject, quarkus, apache, oracle | CWE-611 | 7.5 |
| 2020-12-02 | CVE-2020-25638 | | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. | network | high complexity | hibernate, debian, quarkus, oracle | | 7.4 |
| 2020-06-04 | CVE-2020-13692 | XXE vulnerability in multiple products | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | network | high complexity | postgresql, quarkus, netapp, fedoraproject, debian | CWE-611 | 7.7 |
| 2020-05-13 | CVE-2020-1714 | Improper Input Validation vulnerability in multiple products | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. | network | low complexity | redhat, quarkus | CWE-20 | 8.8 |
| 2019-12-12 | CVE-2017-18640 | XML Entity Expansion vulnerability in multiple products | The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | network | low complexity | snakeyaml-project, fedoraproject, quarkus, oracle | CWE-776 | 7.5 |