Vulnerabilities for 'Quarkus'

2023-12-09
 
CVE-2023-6394

CWE-862
 

 
A flaw was found in Quarkus. When a request is received over WebSocket and no role-based permission is specified on the GraphQL operation, Quarkus processes the request without authentication even though the endpoint is secured. This can allow an attacker to access information and functionality outside of normally granted API permissions.

 
2022-03-23
 
CVE-2022-0981

CWE-863
 

 
A flaw was found in Quarkus. State, and potentially the associated permissions, can leak from one web request to another in RESTEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.

 


Copyright 2024, cxsecurity.com

 
