quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions and is exploitable through drive-by localhost attacks, which allow an attacker to inject and execute malicious query parameters via the Dev UI Config Editor.
access.redhat.com/security/cve/cve-2022-4116
bugzilla.redhat.com/show_bug.cgi?id=2144748
github.com/advisories/GHSA-g56w-cwg4-hxx9
github.com/quarkusio/quarkus/commit/cc26704d3bed46ed1d5caee90f22894952a07182
github.com/quarkusio/quarkus/commit/e8865318eb5a9b14ffe7bc4dc603db5e3fb8765c
github.com/quarkusio/quarkus/issues/29431
github.com/quarkusio/quarkus/pull/29342