Maven package
io.quarkus/quarkus-rest
pkg:maven/io.quarkus/quarkus-rest
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-66560 | — | | | < 3.20.5 | 3.20.5 | Jan 7, 2026 | Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. Prior to versions 3.31.0, 3.27.2, and 3.20.5, a vulnerability exists in the HTTP layer of Quarkus REST related to response handling. When a response is being written, the framework waits f |
| CVE-2025-1247 | High | 8.3 | | >= 3.16.0.CR1, < 3.18.2 | 3.18.2 | Feb 13, 2025 | A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information. |