Vulnerability Information
Vulnerability Title
Quarkus potential data leak when duplicating a duplicated context
Vulnerability Description
Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation. With the new semantics, data from one transaction can leak into the data of another transaction. From a Vert.x point of view, the new semantics clarify the behavior. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rather rare and is only done in a few places. This issue has been patched in versions 3.24.1, 3.20.2, and 3.15.6.
CVSS Information
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Exposure of Resource to Wrong Sphere
Vulnerability Title
Quarkus security vulnerability
Vulnerability Description
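Quarkus is a cloud-native, (Linux) container-first framework, open-sourced by Quarkus, for writing Java applications. Quarkus versions prior to 3.24.0 contain a security vulnerability that stems from a possible data leak when duplicating a duplicated context.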
CVSS Information
N/A
Vulnerability Type
N/A