Quarkus is vulnerable to HTTP request smuggling. The vulnerability exists in handle
function in SmallRyeGraphQLAbstractHandler.java
due to incomplete termination of the HTTP request header which allows an attacker to smuggle HTTP requests by submitting malicious headers.
github.com/advisories/GHSA-mwhw-6p27-4crc
github.com/quarkusio/quarkus/commit/48787dec704466fc9bd53cd2cb134d40c77dc880
github.com/quarkusio/quarkus/commit/f23ca08e47a9731401f1c4472da0e6fe2bc1c413
github.com/quarkusio/quarkus/issues/26748
github.com/quarkusio/quarkus/pull/26777
quarkus.io/blog/quarkus-2-11-3-final-released