PT-2022-16781 · Quarkus · Quarkus

Yuxblank · Published 2022-08-31 · Updated 2022-09-06 · CVE-2022-2466

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Quarkus versions 2.10.x through 2.10.3
Description: The issue is in the framework itself: Quarkus does not terminate the HTTP request header context, which may lead to unpredictable behavior.
Recommendations: For Quarkus versions 2.10.x through 2.10.3, update to version 2.10.4.Final to resolve the issue.

Exploit

Fix

HTTP Request/Response Smuggling

Weakness Enumeration

Related Identifiers

CVE-2022-2466
GHSA-MWHW-6P27-4CRC

Affected Products

Quarkus