Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
Typemaven
Namespaceio.quarkus
Namequarkus-cache
Version3.2.9.Final
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version3.2.9.Final
Latest_non_vulnerable_version3.5.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-t5fn-6ztv-c7f5
vulnerability_id VCID-t5fn-6ztv-c7f5
summary 
Exposure of Sensitive Information to an Unauthorized Actor
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2253113
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2253113
1
reference_url https://github.com/quarkusio/quarkus/commit/d9ace85caec2d8497b1a2c48b8d52bb163f04adf
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/commit/d9ace85caec2d8497b1a2c48b8d52bb163f04adf
2
reference_url https://github.com/quarkusio/quarkus/issues/37078
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/issues/37078
3
reference_url https://github.com/quarkusio/quarkus/pull/37077
reference_id
reference_type
scores
url https://github.com/quarkusio/quarkus/pull/37077
4
reference_url https://access.redhat.com/security/cve/CVE-2023-6393
reference_id CVE-2023-6393
reference_type
scores
url https://access.redhat.com/security/cve/CVE-2023-6393
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-6393
reference_id CVE-2023-6393
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-6393
6
reference_url https://github.com/advisories/GHSA-xfv5-jqgp-vqhj
reference_id GHSA-xfv5-jqgp-vqhj
reference_type
scores
url https://github.com/advisories/GHSA-xfv5-jqgp-vqhj
fixed_packages
0
url pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
purl pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final
1
url pkg:maven/io.quarkus/quarkus-cache@3.5.2
purl pkg:maven/io.quarkus/quarkus-cache@3.5.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.5.2
aliases CVE-2023-6393, GHSA-xfv5-jqgp-vqhj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t5fn-6ztv-c7f5
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus/quarkus-cache@3.2.9.Final