CVE-2022-2466

CRITICAL9.8EPSS 12.8%

Quarkus does not terminate HTTP requests header context

Published: 9/1/2022Modified: 11/8/2023

Description

Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. This issue was fixed in version 2.10.4Final.

Affected packages (1)

Maven/io.quarkus:quarkus-core-parent>= 2.10.0, < 2.10.4

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-2466
PATCHhttps://github.com/quarkusio/quarkus
WEBhttps://github.com/quarkusio/quarkus/issues/26748
WEBhttps://github.com/quarkusio/quarkus/releases/tag/2.10.4.Final