
Markusdlugi

#42337 of 53,633
6.4 CVSS total
Vulnerabilities · 1
PT-2025-26642
6.4
2025-06-23
Quarkus · Quarkus · CVE-2025-49574
Name of the Vulnerable Software and Affected Versions: Quarkus versions prior to 3.24.0

Description: The issue is related to a potential data leak when duplicating a duplicated context in Quarkus, which extensively uses the Vert.x duplicated context to implement context propagation. This can cause data from one transaction to leak into another. A significant amount of data is stored in the duplicated context, including request scope, security details, and metadata. Duplicating a duplicated context is rare and only occurs in a few places.

Recommendations: For versions prior to 3.24.0, update to version 3.24.0 to resolve the issue. As a temporary workaround, consider restricting the use of context duplication to minimize the risk of data leakage.