Quarkus: >> Quarkus >> 2.11.2 Security Vulnerabilities
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.029
Published
2022-11-22
In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-10-02
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-10-02
Page 2