CVE-2023-4853

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-4853
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4853.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4853
Aliases
Published
2023-09-20T10:15:14Z
Modified
2024-05-29T20:51:59Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

References

Affected packages

Git / github.com/quarkusio/quarkus

Affected ranges

Type
GIT
Repo
https://github.com/quarkusio/quarkus
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed