Vulnerabilities > Quarkus > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-23 | CVE-2023-0044 | Cross-site Scripting vulnerability in multiple products If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. | 6.1 |
| 2022-03-23 | CVE-2022-0981 | Incorrect Authorization vulnerability in Quarkus A flaw was found in Quarkus. | 6.5 |
| 2022-01-19 | CVE-2022-21363 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). | 6.0 |
| 2021-12-09 | CVE-2021-43797 | HTTP Request Smuggling vulnerability in multiple products Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 6.5 |
| 2021-09-22 | CVE-2021-38153 | Information Exposure Through Discrepancy vulnerability in multiple products Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that make brute force attacks for such credentials more likely to be successful. | 5.9 |
| 2021-05-26 | CVE-2021-28170 | Expression Language Injection vulnerability in multiple products In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL expressions to be evaluated as if they were valid. | 5.0 |
| 2021-05-26 | CVE-2020-25724 | Unsynchronized Access to Shared Data in a Multithreaded Context vulnerability in multiple products A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. | 4.0 |
| 2021-04-13 | CVE-2021-29428 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in multiple products In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that allow multiple users to create and delete files within it. | 4.4 |
| 2021-04-13 | CVE-2021-29427 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or dependency poisoning. | 6.0 |
| 2021-03-30 | CVE-2021-21409 | HTTP Request Smuggling vulnerability in multiple products Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. | 5.9 |