Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Quarkus
(Quarkus)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 45 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-02-02 | CVE-2022-21724 | pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if... | Debian_linux, Fedora, Postgresql_jdbc_driver, Quarkus | 9.8 | ||
2022-11-22 | CVE-2022-4116 | A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. | Quarkus, Build_of_quarkus | 9.8 | ||
2023-02-24 | CVE-2023-0481 | In RestEasy Reactive implementation of Quarkus the insecure File.createTempFile() is used in the FileBodyHandler class which creates temp files with insecure permissions that could be read by a local user. | Quarkus | 3.3 | ||
2024-01-25 | CVE-2023-6267 | A flaw was found in the json payload. If annotation based security is used to secure a REST resource, the JSON body that the resource may consume is being processed (deserialized) prior to the security constraints being evaluated and applied. This does not happen with configuration based security. | Quarkus | 9.8 | ||
2020-04-06 | CVE-2020-1728 | A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors. | Quarkus, Keycloak | 5.4 | ||
2020-05-13 | CVE-2020-1714 | A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. | Quarkus, Decision_manager, Jboss_fuse, Keycloak, Openshift_application_runtimes, Process_automation, Single_sign\-On | 8.8 | ||
2020-06-04 | CVE-2020-13692 | PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | Debian_linux, Fedora, Steelstore_cloud_integrated_storage, Postgresql_jdbc_driver, Quarkus | 7.7 | ||
2020-09-18 | CVE-2020-25633 | A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality. | Quarkus, Resteasy | 5.3 | ||
2020-12-02 | CVE-2020-13956 | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | Httpclient, Active_iq_unified_manager, Snapcenter, Commerce_guided_search, Communications_cloud_native_core_service_communication_proxy, Data_integrator, Jd_edwards_enterpriseone_orchestrator, Jd_edwards_enterpriseone_tools, Nosql_database, Peoplesoft_enterprise_peopletools, Peoplesoft_enterprise_pt_peopletools, Primavera_unifier, Retail_customer_management_and_segmentation_foundation, Spatial_studio, Sql_developer, Weblogic_server, Quarkus | 5.3 | ||
2020-12-02 | CVE-2020-25638 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | Debian_linux, Hibernate_orm, Communications_cloud_native_core_console, Retail_customer_management_and_segmentation_foundation, Quarkus | 7.4 |