CVE-2023-4853

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-4853

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4853.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-4853

Aliases

GHSA-4f4r-wgv2-jjvg

Related

RHSA-2023:5479

Published

2023-09-20T10:15:14Z

Modified

2024-05-29T20:51:59Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

References

Affected packages

Git / github.com/quarkusio/quarkus

Affected ranges

Type: GIT
Repo: https://github.com/quarkusio/quarkus
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1944de146a5e62dcf6d2cf631dd732bd5fbed069