Description
A flaw was found in SmallRye's API through version 1.6.1. The API can allow other code running within the application server to potentially obtain the ClassLoader, bypassing any permissions checks that should have been applied. The largest threat from this vulnerability is a threat to data confidentiality. This is fixed in SmallRye 1.6.2
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1802444
Related Vulnerabilities
CVE-2017-16029 Vulnerability in npm package hostr
CVE-2023-44794 Vulnerability in maven package cn.dev33:sa-token-core
CVE-2023-36665 Vulnerability in npm package protobufjs
CVE-2023-28155 Vulnerability in npm package request
CVE-2022-4361 Vulnerability in maven package org.keycloak:keycloak-services