A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
oryginał ENCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HQuarkus
APPQuarkus< 2.16.113.2.0 – 3.2.6 (bez)3.3.0 – 3.3.3 (bez)Red Hat Build Of Optaplanner
APPRedhat8.0Red Hat Build Of Quarkus
APPRedhat2.13.0 – 2.13.8 (bez)Red Hat Decision Manager
APPRedhat7.0Red Hat Enterprise Linux
OSRedhat8.0Red Hat Integration Camel K
APPRedhat< 1.10.2Red Hat Integration Camel Quarkus
APPRedhatwszystkie wersjeRed Hat Integration Service Registry
APPRedhatwszystkie wersjeRed Hat Jboss Middleware
APPRedhat1Red Hat Jboss Middleware Text Only Advisories
APPRedhat1.0Red Hat OpenShift Container Platform
APPRedhat4.104.114.12Red Hat Openshift Serverless
APPRedhat1.0Red Hat Process Automation Manager
APPRedhat7.0
Powiązane podatności
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...
Kibana versions before 5.6.15 and 6.6.1 contain an arbitrary code execution flaw in the Timelion visualizer. A...
A sandbox bypass vulnerability exists in Jenkins Script Security Plugin 1.53 and earlier in src/main/java/org/...
A sandbox bypass vulnerability exists in Jenkins Pipeline: Groovy Plugin 2.63 and earlier in pom.xml, src/main...