HIGH🇵🇱 Wersja polska

CVE-2023-5720

CVSS 7.7v3.1pub. 2023-11-15upd. 2024-11-21

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • Quarkus

    APP
    Quarkus
    3.0.03.0.1 – 3.2.8 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-12225CRITICAL9.1PL ✓ten sam produkt

Quarkus WebAuthn: pominięcie uwierzytelnienia przez domyślne endpointy REST

CVE-2022-4116CRITICAL9.8ten sam produkt

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable t...

CVE-2022-2466CRITICAL9.8ten sam produkt

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictab...

CVE-2021-26291CRITICAL9.1ten sam produkt

Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may ...

CVE-2026-50559HIGH7.5ten sam produkt

Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1...