PT-2024-21609 · Quarkus · Quarkus

Patrick Del Bello · Published 2024-04-04 · Updated 2024-12-12 · CVE-2024-2700

CVSS v3.1: 7.0 (High)

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Quarkus (affected versions not specified)

Description

A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, and the resulting application inherits these values. Some local environment variables may have been set for testing purposes, such as dropping the database during application startup or trusting all TLS certificates. If these properties are configured using environment variables or the .env facility, they are captured into the built application, leading to potentially dangerous behavior if not overridden. This behavior only affects configuration properties from the quarkus.* namespace.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
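
A pre-build check for the condition the description names, as an added example that is not Quarkus project code: it lists quarkus.* settings that would reach the build through environment variables or a .env file. The function names, the default `.env` path and the name-matching pattern are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Quarkus project code): pre-build guard that reports
# configuration names in the quarkus.* namespace supplied through the
# process environment or a .env file, the two channels the advisory names.

# Assumption: any name starting with "quarkus" followed by "_" or "."
# (any letter case) is treated as belonging to the quarkus.* namespace.
NAME_RE='[Qq][Uu][Aa][Rr][Kk][Uu][Ss][._][A-Za-z0-9_.-]*'

# Print the names (never the values) of matching environment variables.
quarkus_env_names() {
    env | sed -E -n "s/^(${NAME_RE})=.*/\1/p" | sort -u
}

# Print the names of matching entries in a .env file ($1).
# Comment lines are ignored; an optional "export " prefix is accepted.
quarkus_dotenv_names() {
    [ -f "$1" ] || return 0
    sed -E -n "s/^[[:space:]]*(export[[:space:]]+)?(${NAME_RE})[[:space:]]*=.*/\2/p" "$1" \
        | sort -u
}

# Return 1 and list the names on stderr if any quarkus.* setting would be
# visible to the build; return 0 when the build environment is clean.
check_build_env() {
    dotenv="${1:-.env}"
    found="$( { quarkus_env_names; quarkus_dotenv_names "$dotenv"; } | sort -u )"
    if [ -n "$found" ]; then
        printf 'quarkus.* configuration present at build time:\n%s\n' "$found" >&2
        return 1
    fi
    return 0
}
```

Call `check_build_env` in the build job before the build command and stop the job on a non-zero status; anything it lists should be removed from the build environment or explicitly overridden at runtime.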

Weakness Enumeration

Related Identifiers

CVE-2024-2700
GHSA-F8H5-V2VG-46RR

Affected Products

Quarkus