CVE-2022-4147

Severity High
Score 7.5/10

Summary

The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed. Simple GET or POST requests made with "XMLHttpRequest" are those that have no event listeners registered on the object returned by the "XMLHttpRequest" upload property and use no "ReadableStream" object in the request. This vulnerability affects Quarkus versions through 2.13.4.Final, 2.14.0.CR1 through 2.14.1.Final, and 3.0.0.Alpha1.
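The following added example (not Quarkus source code and not part of the advisory) models the difference between a filter that lets a simple request with an invalid Origin reach the handler and one that rejects it first. The class, record and method names, the allowlist and the sample requests are all constructed for illustration, and the 403 response is an assumed choice; it needs Java 16 or later.

```java
import java.util.List;
import java.util.Set;

// Added illustration, not Quarkus source code; all names are hypothetical.
public class CorsOriginCheck {

    record Request(String method, String origin) {}

    // status: HTTP status; handlerRuns: whether the application code executes;
    // allowOrigin: Access-Control-Allow-Origin value (null = header not sent).
    record Decision(int status, boolean handlerRuns, String allowOrigin) {}

    // Constructed allowlist for the example.
    static final Set<String> ALLOWED = Set.of("https://app.example.com");

    // Behaviour the advisory describes: a simple GET/POST with an invalid
    // Origin gets no CORS header, yet is still passed on to the handler.
    static Decision lenient(Request r) {
        boolean ok = r.origin() != null && ALLOWED.contains(r.origin());
        return new Decision(200, true, ok ? r.origin() : null);
    }

    // Stricter check: an Origin outside the allowlist is rejected before the
    // handler runs, so the request cannot change server-side state.
    static Decision strict(Request r) {
        if (r.origin() == null) {
            return new Decision(200, true, null); // no Origin header: not a CORS request
        }
        if (!ALLOWED.contains(r.origin())) {
            return new Decision(403, false, null);
        }
        return new Decision(200, true, r.origin());
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        List<Request> samples = List.of(
            new Request("POST", "https://app.example.com"),
            new Request("POST", "https://untrusted.example.net"),
            new Request("GET", "https://untrusted.example.net"),
            new Request("GET", null));
        for (Request r : samples) {
            System.out.printf("%-4s Origin=%s%n  lenient: %s%n  strict:  %s%n",
                r.method(), r.origin(), lenient(r), strict(r));
        }
    }
}
```

In the lenient case the browser still refuses to expose the response to the calling page because no Access-Control-Allow-Origin header is returned, but the handler has already run by then.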

  • HIGH
  • NETWORK
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

Advisory Timeline

  • Published