GHSA-c57v-hc7m-8px2

Source

https://github.com/advisories/GHSA-c57v-hc7m-8px2

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/02/GHSA-c57v-hc7m-8px2/GHSA-c57v-hc7m-8px2.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-c57v-hc7m-8px2

Aliases

CVE-2023-0044

Published

2023-02-23T21:30:16Z

Modified

2023-11-08T04:11:05.080525Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site Scripting in Quarkus

Details

If the Quarkus Form Authentication session cookie Path attribute is set to / then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.

Database specific

{
    "nvd_published_at": "2023-02-23T20:15:00Z",
    "github_reviewed_at": "2023-02-23T22:15:09Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE"
}

References

Affected packages

Maven / io.quarkus:quarkus-vertx-http

Package

Name: io.quarkus:quarkus-vertx-http; View open source insights on deps.dev
Purl: pkg:maven/io.quarkus/quarkus-vertx-http

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.13.7.Final

Affected versions

0.*

0.23.0

0.23.1

0.23.2

0.24.0

0.25.0

0.26.0

0.26.1

0.27.0

0.28.0

0.28.1

1.*

1.0.0.CR1

1.0.0.CR2

1.0.0.Final

1.0.1.Final

1.1.0.CR1

1.1.0.Final

1.1.1.Final

1.2.0.CR1

1.2.0.Final

1.2.1.Final

1.3.0.Alpha1

1.3.0.Alpha2

1.3.0.CR1

1.3.0.CR2

1.3.0.Final

1.3.1.Final

1.3.2.Final

1.3.3.Final

1.3.4.Final

1.4.0.CR1

1.4.0.Final

1.4.1.Final

1.4.2.Final

1.5.0.CR1

1.5.0.Final

1.5.1.Final

1.5.2.Final

1.6.0.CR1

1.6.0.Final

1.6.1.Final

1.7.0.CR1

1.7.0.CR2

1.7.0.Final

1.7.1.Final

1.7.2.Final

1.7.3.Final

1.7.4.Final

1.7.5.Final

1.7.6.Final

1.8.0.CR1

1.8.0.Final

1.8.1.Final

1.8.2.Final

1.8.3.Final

1.9.0.CR1

1.9.0.Final

1.9.1.Final

1.9.2.Final

1.10.0.CR1

1.10.0.Final

1.10.1.Final

1.10.2.Final

1.10.3.Final

1.10.4.Final

1.10.5.Final

1.11.0.Beta1

1.11.0.Beta2

1.11.0.CR1

1.11.0.Final

1.11.1.Final

1.11.2.Final

1.11.3.Final

1.11.4.Final

1.11.5.Final

1.11.6.Final

1.11.7.Final

1.12.0.CR1

1.12.0.Final

1.12.1.Final

1.12.2.Final

1.13.0.CR1

1.13.0.Final

1.13.1.Final

1.13.2.Final

1.13.3.Final

1.13.4.Final

1.13.5.Final

1.13.6.Final

1.13.7.Final

2.*

2.0.0.Alpha1

2.0.0.Alpha2

2.0.0.Alpha3

2.0.0.CR1

2.0.0.CR2

2.0.0.CR3

2.0.0.Final

2.0.1.Final

2.0.2.Final

2.0.3.Final

2.1.0.CR1

2.1.0.Final

2.1.1.Final

2.1.2.Final

2.1.3.Final

2.1.4.Final

2.2.0.CR1

2.2.0.Final

2.2.1.Final

2.2.2.Final

2.2.3.Final

2.2.4.Final

2.2.5.Final

2.3.0.CR1

2.3.0.Final

2.3.1.Final

2.4.0.CR1

2.4.0.Final

2.4.1.Final

2.4.2.Final

2.5.0.CR1

2.5.0.Final

2.5.1.Final

2.5.2.Final

2.5.3.Final

2.5.4.Final

2.6.0.CR1

2.6.0.Final

2.6.1.Final

2.6.2.Final

2.6.3.Final

2.7.0.CR1

2.7.0.Final

2.7.1.Final

2.7.2.Final

2.7.3.Final

2.7.4.Final

2.7.5.Final

2.7.6.Final

2.7.7.Final

2.8.0.CR1

2.8.0.Final

2.8.1.Final

2.8.2.Final

2.8.3.Final

2.9.0.CR1

2.9.0.Final

2.9.1.Final

2.9.2.Final

2.10.0.CR1

2.10.0.Final

2.10.1.Final

2.10.2.Final

2.10.3.Final

2.10.4.Final

2.11.0.CR1

2.11.0.Final

2.11.1.Final

2.11.2.Final

2.11.3.Final

2.12.0.CR1

2.12.0.Final

2.12.1.Final

2.12.2.Final

2.12.3.Final

2.13.0.CR1

2.13.0.Final

2.13.1.Final

2.13.2.Final

2.13.3.Final

2.13.4.Final

2.13.5.Final

2.13.6.Final