Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HQuarkus
APPQuarkus2.0 – 2.13.5 (bez)2.14.0 – 2.14.2 (bez)
Related vulnerabilities
Quarkus WebAuthn: pominięcie uwierzytelnienia przez domyślne endpointy REST
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictab...
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...
Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1...