Maven package
io.quarkus/quarkus-vertx-http
pkg:maven/io.quarkus/quarkus-vertx-http
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39852 | High | 8.2 | | < 3.20.6.1 | 3.20.6.1 | May 5, 2026 | Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows unauthenticated or lower-privileged user |
| CVE-2023-4853 | — | | | < 2.16.11.Final | 2.16.11.Final | Sep 20, 2023 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting i |
| CVE-2023-0044 | — | | | < 2.13.7.Final | 2.13.7.Final | Feb 23, 2023 | If the Quarkus Form Authentication session cookie Path attribute is set to `/` then a cross-site attack may be initiated which might lead to the Information Disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature. |
| CVE-2022-4147 | — | | | >= 2.14.0.CR1, < 2.14.2.Final | 2.14.2.Final | Dec 6, 2022 | Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStre |