PT-2022-25877 · Quarkus · Quarkus
Published
2022-12-06
·
Updated
2022-12-12
·
CVE-2022-4147
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Quarkus (affected versions not specified)
Description
The Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. This issue affects simple GET or POST requests made with XMLHttpRequest, specifically those with no event listeners registered on the object returned by the XMLHttpRequest upload property and no ReadableStream object used in the request.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Quarkus