A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HQuarkus
APPQuarkus< 2.13.52.14.0 – 2.14.2 (bez)Red Hat Build Of Quarkus
APPRedhatwszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCE
Powiązane podatności
CVE-2024-12225CRITICAL9.1PL ✓ten sam produkt
Quarkus WebAuthn: pominięcie uwierzytelnienia przez domyślne endpointy REST
CVE-2022-2466CRITICAL9.8ten sam produkt
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictab...
CVE-2021-26291CRITICAL9.1ten sam produkt
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...
CVE-2026-50559HIGH7.5ten sam produkt
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1...
CVE-2026-39852HIGH8.8ten sam produkt
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3...