Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2022-4147 Vulnerability in maven package io.quarkus:quarkus-vertx-http-deployment

Description

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

Remediation

References

https://access.redhat.com/security/cve/CVE-2022-4147

Related Vulnerabilities

CVE-2015-5255 Vulnerability in maven package org.apache.flex.blazeds:flex-messaging-core

CVE-2023-41900 Vulnerability in maven package org.eclipse.jetty:jetty-openid

CVE-2022-24697 Vulnerability in maven package org.apache.kylin:kylin-spark-engine

CVE-2023-28709 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2022-29036 Vulnerability in maven package org.jenkins-ci.plugins:credentials

Severity

High

Classification

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Vendor Advisory NVD-CWE-noinfo