GHSA-g56w-cwg4-hxx9
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g56w-cwg4-hxx9
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-g56w-cwg4-hxx9/GHSA-g56w-cwg4-hxx9.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g56w-cwg4-hxx9
- Aliases
- Published
- 2022-11-22T21:30:17Z
- Modified
- 2023-11-08T04:10:27.149762Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Code injection in quarkus dev ui config editor
- Details
-
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
- Database specific
{ "cwe_ids": [ "CWE-74", "CWE-94" ], "severity": "CRITICAL", "nvd_published_at": "2022-11-22T19:15:00Z", "github_reviewed_at": "2022-11-23T17:42:15Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-4116
- https://access.redhat.com/security/cve/CVE-2022-4116
- https://bugzilla.redhat.com/show_bug.cgi?id=2144748
- https://github.com/quarkusio/quarkus
- https://github.com/quarkusio/quarkus/discussions/29527
- https://github.com/quarkusio/quarkus/discussions/29527#discussioncomment-4387809
Affected packages
Maven / io.quarkus:quarkus-vertx-http-deployment
Package
- Name
- io.quarkus:quarkus-vertx-http-deployment
- View open source insights on deps.dev
- Purl
- pkg:maven/io.quarkus/quarkus-vertx-http-deployment
Maven / io.quarkus:quarkus-vertx-http-deployment
Package
- Name
- io.quarkus:quarkus-vertx-http-deployment
- View open source insights on deps.dev
- Purl
- pkg:maven/io.quarkus/quarkus-vertx-http-deployment
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.13.5.Final
Affected versions
0.*
0.23.0
0.23.1
0.23.2
0.24.0
0.25.0
0.26.0
0.26.1
0.27.0
0.28.0
0.28.1
1.*
1.0.0.CR1
1.0.0.CR2
1.0.0.Final
1.0.1.Final
1.1.0.CR1
1.1.0.Final
1.1.1.Final
1.2.0.CR1
1.2.0.Final
1.2.1.Final
1.3.0.Alpha1
1.3.0.Alpha2
1.3.0.CR1
1.3.0.CR2
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.3.4.Final
1.4.0.CR1
1.4.0.Final
1.4.1.Final
1.4.2.Final
1.5.0.CR1
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.6.0.CR1
1.6.0.Final
1.6.1.Final
1.7.0.CR1
1.7.0.CR2
1.7.0.Final
1.7.1.Final
1.7.2.Final
1.7.3.Final
1.7.4.Final
1.7.5.Final
1.7.6.Final
1.8.0.CR1
1.8.0.Final
1.8.1.Final
1.8.2.Final
1.8.3.Final
1.9.0.CR1
1.9.0.Final
1.9.1.Final
1.9.2.Final
1.10.0.CR1
1.10.0.Final
1.10.1.Final
1.10.2.Final
1.10.3.Final
1.10.4.Final
1.10.5.Final
1.11.0.Beta1
1.11.0.Beta2
1.11.0.CR1
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final
1.11.4.Final
1.11.5.Final
1.11.6.Final
1.11.7.Final
1.12.0.CR1
1.12.0.Final
1.12.1.Final
1.12.2.Final
1.13.0.CR1
1.13.0.Final
1.13.1.Final
1.13.2.Final
1.13.3.Final
1.13.4.Final
1.13.5.Final
1.13.6.Final
1.13.7.Final
2.*
2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.CR1
2.0.0.CR2
2.0.0.CR3
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
2.1.0.CR1
2.1.0.Final
2.1.1.Final
2.1.2.Final
2.1.3.Final
2.1.4.Final
2.2.0.CR1
2.2.0.Final
2.2.1.Final
2.2.2.Final
2.2.3.Final
2.2.4.Final
2.2.5.Final
2.3.0.CR1
2.3.0.Final
2.3.1.Final
2.4.0.CR1
2.4.0.Final
2.4.1.Final
2.4.2.Final
2.5.0.CR1
2.5.0.Final
2.5.1.Final
2.5.2.Final
2.5.3.Final
2.5.4.Final
2.6.0.CR1
2.6.0.Final
2.6.1.Final
2.6.2.Final
2.6.3.Final
2.7.0.CR1
2.7.0.Final
2.7.1.Final
2.7.2.Final
2.7.3.Final
2.7.4.Final
2.7.5.Final
2.7.6.Final
2.7.7.Final
2.8.0.CR1
2.8.0.Final
2.8.1.Final
2.8.2.Final
2.8.3.Final
2.9.0.CR1
2.9.0.Final
2.9.1.Final
2.9.2.Final
2.10.0.CR1
2.10.0.Final
2.10.1.Final
2.10.2.Final
2.10.3.Final
2.10.4.Final
2.11.0.CR1
2.11.0.Final
2.11.1.Final
2.11.2.Final
2.11.3.Final
2.12.0.CR1
2.12.0.Final
2.12.1.Final
2.12.2.Final
2.12.3.Final
2.13.0.CR1
2.13.0.Final
2.13.1.Final
2.13.2.Final
2.13.3.Final
2.13.4.Final