Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1wNjJxLTU0ODMtaDU3ds4AA3MZ
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
Permalink: https://github.com/advisories/GHSA-p62q-5483-h57vJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1wNjJxLTU0ODMtaDU3ds4AA3MZ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 6 months ago
Updated: 6 months ago
CVSS Score: 7.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Identifiers: GHSA-p62q-5483-h57v, CVE-2023-5720
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-5720
- https://access.redhat.com/security/cve/CVE-2023-5720
- https://bugzilla.redhat.com/show_bug.cgi?id=2245700
- https://github.com/advisories/GHSA-p62q-5483-h57v
Affected Packages
maven:io.quarkus:quarkus-project
Affected Version Ranges: >= 3.0.0.CR1, <= 3.5.1No known fixed version