High severityNVD Advisory· Published Dec 6, 2022· Updated Apr 14, 2025

CVE-2022-4147

Description

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
io.quarkus:quarkus-vertx-httpMaven	>= 2.14.0.CR1, < 2.14.2.Final	2.14.2.Final
io.quarkus:quarkus-vertx-httpMaven	< 2.13.5.Final	2.13.5.Final

Affected products

Quarkusio/Quarkuscpe-rescue
ghsa-coords
pkg:maven/io.quarkus/quarkus-vertx-http
Range: >= 2.14.0.CR1, < 2.14.2.Final

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-9895-g6x5-xwcpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2022-4147ghsaADVISORY
access.redhat.com/security/cve/CVE-2022-4147ghsaWEB
bugzilla.redhat.com/show_bug.cgighsaWEB
quarkus.io/blog/quarkus-2-14-2-final-releasedghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000