A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an malicious user to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
quarkus quarkus |
||
redhat decision manager 7.0 |
||
redhat jboss middleware text-only advisories 1.0 |
||
redhat jboss middleware 1 |
||
redhat integration service registry - |
||
redhat integration camel quarkus - |
||
redhat build of quarkus |
||
redhat openshift serverless - |
||
redhat integration camel k |
||
redhat process automation manager 7.0 |
||
redhat build of optaplanner 8.0 |
||
redhat openshift serverless 1.0 |
||
redhat openshift_container_platform 4.10 |
||
redhat openshift_container_platform 4.11 |
||
redhat openshift_container_platform 4.12 |