Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
Typemaven
Namespaceio.quarkus
Namequarkus-vertx-http
Version3.3.3
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-c2p4-3m34-8kbw
vulnerability_id VCID-c2p4-3m34-8kbw
summary 
Quarkus HTTP vulnerable to incorrect evaluation of permissions
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
references
0
reference_url https://access.redhat.com/errata/RHSA-2023:5170
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5170
1
reference_url https://access.redhat.com/errata/RHSA-2023:5310
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5310
2
reference_url https://access.redhat.com/errata/RHSA-2023:5337
reference_id
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5337
3
reference_url https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
reference_id
reference_type
scores
url https://access.redhat.com/security/vulnerabilities/RHSB-2023-002
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2238034
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2238034
5
reference_url https://github.com/quarkusio/quarkus/discussions/35940
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/discussions/35940
6
reference_url https://github.com/quarkusio/quarkus/issues/35785
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/issues/35785
7
reference_url https://access.redhat.com/security/cve/CVE-2023-4853
reference_id CVE-2023-4853
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2023-4853
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-4853
reference_id CVE-2023-4853
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-4853
9
reference_url https://github.com/advisories/GHSA-4f4r-wgv2-jjvg
reference_id GHSA-4f4r-wgv2-jjvg
reference_type
scores
url https://github.com/advisories/GHSA-4f4r-wgv2-jjvg
fixed_packages
0
url pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
purl pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@2.16.11.Final
1
url pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.2.6.Final
2
url pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
purl pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3
aliases CVE-2023-4853, GHSA-4f4r-wgv2-jjvg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2p4-3m34-8kbw
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-vertx-http@3.3.3