Design/Logic Flaw

2023-09-2010:15:00

PRIOn knowledge base

www.prio-n.com

quarkus

http

security flaw

unauthorized access

denial of service

7.5 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.7%

JSON

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

CPENameOperatorVersion
quarkusge3.3.0
quarkuslt3.3.3
quarkusge3.2.0
quarkuslt3.2.6
quarkuslt2.16.11
build_of_optaplannereq8.0
build_of_quarkusge2.13.0
build_of_quarkuslt2.13.8
decision_managereq7.0
integration_camel_klt1.10.2

Name	Operator	Version
quarkus	ge	3.3.0
quarkus	lt	3.3.3
quarkus	ge	3.2.0
quarkus	lt	3.2.6
quarkus	lt	2.16.11
build_of_optaplanner	eq	8.0
build_of_quarkus	ge	2.13.0
build_of_quarkus	lt	2.13.8
decision_manager	eq	7.0
integration_camel_k	lt	1.10.2