Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.7.4

Type maven

Namespace io.quarkus.resteasy.reactive

Name resteasy-reactive

Version 3.7.4

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 3.8.0

Latest_non_vulnerable_version 3.8.0

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-e9y6-hjh4-ayek

vulnerability_id VCID-e9y6-hjh4-ayek

summary A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1726.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-1726.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-1726

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08882
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-1726

reference_url

https://github.com/quarkusio/quarkus

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus

reference_url

https://github.com/quarkusio/quarkus/commit/34c1a63baf5401d0d578a23a1a4deb4b841ce65b

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/commit/34c1a63baf5401d0d578a23a1a4deb4b841ce65b

reference_url

https://github.com/quarkusio/quarkus/commit/96d93427f3b4a7d3cff34d8b7b883e13cecd359c

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/commit/96d93427f3b4a7d3cff34d8b7b883e13cecd359c

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2
reference_id	cpe:/a:redhat:quarkus:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.2::el8
reference_id	cpe:/a:redhat:quarkus:3.2::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:quarkus:3.2::el8

reference_url

https://access.redhat.com/security/cve/CVE-2024-1726

reference_id

CVE-2024-1726

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:10:39Z/

url

https://access.redhat.com/security/cve/CVE-2024-1726

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-1726

reference_id

CVE-2024-1726

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-1726

reference_url

https://github.com/advisories/GHSA-mv64-86g8-cqq7

reference_id

GHSA-mv64-86g8-cqq7

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mv64-86g8-cqq7

reference_url

https://access.redhat.com/errata/RHSA-2024:1662

reference_id

RHSA-2024:1662

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:10:39Z/

url

https://access.redhat.com/errata/RHSA-2024:1662

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2265158

reference_id

show_bug.cgi?id=2265158

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T20:10:39Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2265158

fixed_packages

url	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.2.11.Final
purl	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.2.11.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.2.11.Final

url	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.7.4
purl	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.7.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.7.4

url	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.8.0
purl	pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.8.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.8.0

aliases CVE-2024-1726, GHSA-mv64-86g8-cqq7

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e9y6-hjh4-ayek

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.quarkus.resteasy.reactive/resteasy-reactive@3.7.4

Package Instance