Lucene search
Veracode Vulnerability DatabaseVERACODE:38296HistoryNov 30, 2022 - 4:15 a.m.
Remote Code Execution (RCE)
2022-11-3004:15:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
quarkus
vertx
http
vulnerability
remote code execution
drive-by localhost attacks
attacker
malicious query parameters
dev ui config editor
software
0.007 Low
EPSS
Percentile
80.8%
quarkus-vertx-http is vulnerable to remote code execution. The vulnerability exists in multiple functions due to drive-by localhost attacks which allows an attacker to inject and execute malicious query parameters via the Dev UI Config Editor.
References
access.redhat.com/security/cve/cve-2022-4116
bugzilla.redhat.com/show_bug.cgi?id=2144748
github.com/advisories/GHSA-g56w-cwg4-hxx9
github.com/quarkusio/quarkus/commit/cc26704d3bed46ed1d5caee90f22894952a07182
github.com/quarkusio/quarkus/commit/e8865318eb5a9b14ffe7bc4dc603db5e3fb8765c
github.com/quarkusio/quarkus/issues/29431
github.com/quarkusio/quarkus/pull/29342
Related
cnvd
cnvd
Quarkus has an unspecified vulnerability
2022-11-24 00:00:00
osv
osv
CVE-2022-4116
2022-11-22 19:15:18
Code injection in quarkus dev ui config editor
2022-11-22 21:30:17
redhatcve
redhatcve
CVE-2022-4116
2022-11-22 08:26:03
nvd
nvd
CVE-2022-4116
2022-11-22 19:15:18
thn
thn
prion
prion
Remote code execution
2022-11-22 19:15:00
github
github
Code injection in quarkus dev ui config editor
2022-11-22 21:30:17
cvelist
cvelist
CVE-2022-4116
2022-11-22 00:00:00
cve
cve
CVE-2022-4116
2022-11-22 19:15:18
redhat
redhat