Description
The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are those that have no event listeners registered on the object returned by the XMLHttpRequest upload property and that use no ReadableStream object in the request.
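The difference between letting such a request proceed and refusing it can be modelled as below. This is an added example, not Quarkus source code: the class, method names and origins are constructed, and rejecting with a 403 status is an assumed mitigation, not a remediation stated on this page.

```java
import java.util.Set;

// Added illustration, not Quarkus source. All names and origins are constructed.
public class CorsOriginCheck {
    enum Decision { RUN_HANDLER_WITH_CORS_HEADERS, RUN_HANDLER_WITHOUT_CORS_HEADERS, REJECT_403 }

    static final Set<String> ALLOWED = Set.of("https://app.example.com");

    // Lenient model of the behaviour in the description: a disallowed Origin only
    // loses the Access-Control-Allow-Origin header; the request still reaches the handler.
    static Decision lenient(String origin) {
        if (origin != null && ALLOWED.contains(origin)) return Decision.RUN_HANDLER_WITH_CORS_HEADERS;
        return Decision.RUN_HANDLER_WITHOUT_CORS_HEADERS;
    }

    // Strict model (assumed mitigation): a present but disallowed Origin is refused
    // before any application code runs. Requests without Origin are not CORS requests.
    static Decision strict(String origin) {
        if (origin == null) return Decision.RUN_HANDLER_WITHOUT_CORS_HEADERS;
        if (ALLOWED.contains(origin)) return Decision.RUN_HANDLER_WITH_CORS_HEADERS;
        return Decision.REJECT_403;
    }

    public static void main(String[] args) {
        // Constructed simple requests: {method, Origin header value or null}.
        String[][] requests = {
            {"GET", "https://app.example.com"},
            {"POST", "https://other.example.net"},
            {"GET", null},
        };
        for (String[] r : requests) {
            System.out.printf("%-4s Origin=%-26s lenient=%-32s strict=%s%n",
                r[0], r[1], lenient(r[1]), strict(r[1]));
        }
    }
}
```

In the lenient case the browser withholds the response from the calling script, but the handler has already run, so any server-side effect of the POST has taken place.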
Remediation
References
https://access.redhat.com/security/cve/CVE-2022-4147
Related Vulnerabilities
CVE-2016-5007 Vulnerability in maven package org.springframework.security:spring-security-web
CVE-2020-1938 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2018-11039 Vulnerability in maven package org.springframework:spring-web
CVE-2018-15494 Vulnerability in maven package org.webjars.bower:dojox
CVE-2023-34466 Vulnerability in maven package org.xwiki.platform:xwiki-platform-tag-api