RedHatRHSA-2024:6437(RHSA-2024:6437) Moderate: Red Hat build of Quarkus 3.8.6 release and security update
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N
AI Score
Confidence
Low
This release of Red Hat build of Quarkus 3.8.6 includes security updates, bug fixes, and enhancements. For more information, see the release notes page listed in the References section.
Security Fix(es):
-
EMBARGOED CVE-2024-3653 io.quarkus/quarkus-undertow: undertow: LearningPushHandler can lead to remote memory DoS attacks [quarkus-3.8]
-
CVE-2024-8391 io.vertx.vertx-grpc-client: Vertx gRPC server does not limit the maximum message size [quarkus-3.8]
-
CVE-2024-8391 io.vertx.vertx-grpc-server: Vertx gRPC server does not limit the maximum message size [quarkus-3.8]
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS4
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/SC:N/VI:N/SI:N/VA:L/SA:N
AI Score
Confidence
Low