quarkus-vertx-http is vulnerable to an insecure cross-origin resource sharing (CORS) policy. The vulnerability exists because the XMLHttpRequest has no event listeners registered on the object returned by the XMLHttpRequest upload property, allowing an attacker to send malicious GET and POST requests to the CORS filter within a ReadableStream object.
access.redhat.com/security/cve/CVE-2022-4147
bugzilla.redhat.com/show_bug.cgi?id=2148867
github.com/advisories/GHSA-9895-g6x5-xwcp
github.com/quarkusio/quarkus/commit/cc26704d3bed46ed1d5caee90f22894952a07182
github.com/quarkusio/quarkus/commit/e8865318eb5a9b14ffe7bc4dc603db5e3fb8765c
github.com/quarkusio/quarkus/pull/29473
github.com/quarkusio/quarkus/pull/29474
quarkus.io/blog/quarkus-2-14-2-final-released/