Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04ajN4LXczNXItcnc0cs4AA43J

Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability

A flaw was found in how Quarkus processes the JSON payload of a REST request. If annotation-based security (for example @RolesAllowed on a resource method) is used to secure a REST resource, the JSON body that the resource consumes is processed (deserialized) before the security constraints are evaluated and applied, so an unauthenticated or unauthorized request still reaches the deserializer. This does not happen with configuration-based security.
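The following is an added example, not code from the advisory or from the Quarkus project. It shows the affected pattern (a resource secured only by @RolesAllowed that consumes a JSON body) together with a test that checks whether the security constraint is applied before the body is deserialized. It assumes a Quarkus 3.x application using the quarkus-resteasy-reactive-jackson extension and the quarkus-junit5 and rest-assured test dependencies; the path, class, record and role names are hypothetical, and the request body is constructed for the test. Quarkus 2.13.x uses the javax.* packages in place of jakarta.*.

```java
// Added example (not code from the advisory or the Quarkus project).
// Assumes Quarkus 3.x with quarkus-resteasy-reactive-jackson; all names
// below (path, class, record, role) are hypothetical.

// --- src/main/java/org/acme/AdminUserResource.java ---
package org.acme;

import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;

@Path("/api/admin/users")
public class AdminUserResource {

    // Request body that RESTEasy Reactive deserializes with Jackson.
    public record CreateUserRequest(String username, String role) {}

    // Annotation-based security only. On versions in the affected range the
    // @RolesAllowed check runs AFTER `body` has been deserialized, so a caller
    // with no credentials can still drive the JSON parser with any payload.
    @POST
    @RolesAllowed("admin")
    @Consumes(MediaType.APPLICATION_JSON)
    public Response create(CreateUserRequest body) {
        return Response.status(Response.Status.CREATED).build();
    }
}

// --- src/test/java/org/acme/AdminUserResourceSecurityTest.java ---
package org.acme;

import static io.restassured.RestAssured.given;

import io.quarkus.test.junit.QuarkusTest;
import org.junit.jupiter.api.Test;

@QuarkusTest
class AdminUserResourceSecurityTest {

    // Sends a body that is NOT valid JSON, with no credentials. If the
    // security constraint is evaluated first (fixed versions, or when the
    // endpoint is protected by configuration-based HTTP permissions), the
    // request is rejected with 401 and the body never reaches the
    // deserializer. If the body is deserialized first, Jackson fails on the
    // truncated JSON and the response reflects that failure (typically a
    // 400) instead of 401, so this assertion fails on affected versions.
    @Test
    void unauthenticatedRequestIsRejectedBeforeBodyIsParsed() {
        // Constructed, deliberately truncated JSON document.
        String truncatedJson = "{\"username\": \"mallory\", \"role\": ";

        given()
            .contentType("application/json")
            .body(truncatedJson)
        .when()
            .post("/api/admin/users")
        .then()
            .statusCode(401);
    }
}
```

The fix is to move to a release listed under "Fixed in". Until then, the configuration-based security the advisory describes as unaffected can protect the same endpoint: in src/main/resources/application.properties add quarkus.http.auth.permission.admin.paths=/api/admin/*, quarkus.http.auth.permission.admin.policy=admin-only and quarkus.http.auth.policy.admin-only.roles-allowed=admin. Those HTTP permission rules are enforced before the request is dispatched to the resource method, which is why the test above passes with them in place even when @RolesAllowed alone would let the body be deserialized first.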

Permalink: https://github.com/advisories/GHSA-8j3x-w35r-rw4r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ajN4LXczNXItcnc0cs4AA43J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 3 months ago
Updated: 3 months ago


CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Identifiers: GHSA-8j3x-w35r-rw4r, CVE-2023-6267
References:
Blast Radius: 17.9

Affected Packages

maven:io.quarkus.resteasy.reactive:resteasy-reactive
Dependent packages: 14
Dependent repositories: 121
Downloads:
Affected Version Ranges: >= 3.0.0.Final, < 3.2.9.Final; < 2.13.9.Final
Fixed in: 3.2.9.Final, 2.13.9.Final
All affected versions: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.9.0, 3.9.1, 3.9.2, 3.9.3
All unaffected versions: