Quarkus: >> Quarkus >> 2.10.2 Security Vulnerabilities
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-11-22
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-10-02
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-02
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
CVSS Score
9.8
EPSS Score
0.128
Published
2022-08-31
Page 2