GHSA-mwhw-6p27-4crc

Source
https://github.com/advisories/GHSA-mwhw-6p27-4crc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/09/GHSA-mwhw-6p27-4crc/GHSA-mwhw-6p27-4crc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-mwhw-6p27-4crc
Aliases
Published
2022-09-01T00:00:23Z
Modified
2023-11-08T04:08:32.348432Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Quarkus does not terminate HTTP requests header context
Details

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate the HTTP request header context, which may lead to unpredictable behavior. This issue was fixed in version 2.10.4.Final.

Database specific
{
    "nvd_published_at": "2022-08-31T16:15:00Z",
    "github_reviewed_at": "2022-09-16T17:41:19Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-444"
    ]
}
References

Affected packages

Maven / io.quarkus:quarkus-core-parent

Package

Name
io.quarkus:quarkus-core-parent
Purl
pkg:maven/io.quarkus/quarkus-core-parent

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.10.0
Fixed
2.10.4

Affected versions

2.*

2.10.0.Final
2.10.1.Final
2.10.2.Final
2.10.3.Final