Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final

Type maven

Namespace io.quarkus

Name quarkus-undertow

Version 2.16.11.Final

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.2.6.Final

Latest_non_vulnerable_version 3.3.3

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-c2p4-3m34-8kbw

vulnerability_id VCID-c2p4-3m34-8kbw

summary

Quarkus HTTP vulnerable to incorrect evaluation of permissions
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.

references

reference_url

https://access.redhat.com/articles/11258

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/articles/11258

reference_url

https://access.redhat.com/errata/RHSA-2023:5170

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5170

reference_url

https://access.redhat.com/errata/RHSA-2023:5310

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5310

reference_url

https://access.redhat.com/errata/RHSA-2023:5337

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5337

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4853.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4853.json

reference_url

https://access.redhat.com/security/vulnerabilities/RHSB-2023-002

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/vulnerabilities/RHSB-2023-002

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2238034

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=2238034

reference_url

https://github.com/quarkusio/quarkus

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus

reference_url

https://github.com/quarkusio/quarkus/discussions/35940

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/discussions/35940

reference_url

https://github.com/quarkusio/quarkus/issues/35785

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/issues/35785

reference_url

https://access.redhat.com/security/cve/CVE-2023-4853

reference_id

CVE-2023-4853

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/CVE-2023-4853

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-4853

reference_id

CVE-2023-4853

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-4853

reference_url	https://github.com/advisories/GHSA-4f4r-wgv2-jjvg
reference_id	GHSA-4f4r-wgv2-jjvg
reference_type
scores
url	https://github.com/advisories/GHSA-4f4r-wgv2-jjvg

reference_url

https://access.redhat.com/errata/RHSA-2023:5446

reference_id

RHSA-2023:5446

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5446

reference_url

https://access.redhat.com/errata/RHSA-2023:5479

reference_id

RHSA-2023:5479

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5479

reference_url

https://access.redhat.com/errata/RHSA-2023:5480

reference_id

RHSA-2023:5480

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:5480

reference_url

https://access.redhat.com/errata/RHSA-2023:6107

reference_id

RHSA-2023:6107

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:6107

reference_url

https://access.redhat.com/errata/RHSA-2023:6112

reference_id

RHSA-2023:6112

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:6112

reference_url

https://access.redhat.com/errata/RHSA-2023:7653

reference_id

RHSA-2023:7653

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2023:7653

fixed_packages

url	pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final
purl	pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final

url	pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final
purl	pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.2.6.Final

url	pkg:maven/io.quarkus/quarkus-undertow@3.3.3
purl	pkg:maven/io.quarkus/quarkus-undertow@3.3.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@3.3.3

aliases CVE-2023-4853, GHSA-4f4r-wgv2-jjvg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c2p4-3m34-8kbw

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-undertow@2.16.11.Final

Package Instance