Build of quarkus
This hub aggregates every CVE we track for Build of quarkus, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
21
CVEs tracked
1
Critical
9
High
1
In CISA KEV
Severity distribution
- MEDIUM: 11
- HIGH: 9
- CRITICAL: 1
Monthly trend
Chart covering 2024-07 to 2026-06; all 24 plotted values are 0.
Latest CVEs
The 15 most recently published vulnerabilities affecting Build of quarkus.
- CVE-2023-6394: Quarkus: graphql operations over websockets bypass (score 7.4)
- CVE-2023-6393: Quarkus: potential invalid reuse of context when @cacheresult on a uni is used (score 5.3)
- CVE-2023-44487: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (KEV, score 7.5)
- CVE-2023-4853: Quarkus: http security policy bypass (score 8.1)
- CVE-2023-1108: Undertow: infinite loop in sslconduit during close (score 7.5)
- CVE-2023-2974: Quarkus-core: tls protocol configured with quarkus.http.ssl.protocols is not enforced, client can enforce weaker supported tls protocol (score 6.5)
- CVE-2023-1664: A flaw was found in Keycloak. This flaw depends on a non-default configuration "Revalidate Client Certificate" to be enabled and the reverse proxy is not validating the certificate before Keycloak.... (score 6.5)
- CVE-2023-0044: If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented... (score 6.1)
- CVE-2022-4492: The undertow client is not checking the server identity presented by the server certificate in https connections. This is a compulsory step (at least it should be performed by default) in https and... (score 7.5)
- CVE-2022-4116: A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution. (score 9.8)
- CVE-2022-1259: A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an ... (score 7.5)
- CVE-2021-3669: A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. (score 5.5)
- CVE-2021-3914: It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks. (score 6.1)
- CVE-2021-4178: An arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and priv... (score 6.7)
- CVE-2022-1011: A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user triggers write(). This flaw allows a local user to gain unauthorized access to data from the FUSE filesyste... (score 7.8)
Product normalization is registry-driven with AI assist and human review.