VYPR

Maven package

io.quarkus.http/quarkus-http-core

pkg:maven/io.quarkus.http/quarkus-http-core

Vulnerabilities (1)

  • CVE-2024-12397HigDec 12, 2024
    affected < 5.3.4fixed 5.3.4

    A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leadi