CVE-2022-4147
Summary
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with "XMLHttpRequest" are the ones that have no event listeners registered on the object returned by the "XMLHttpRequest" upload property and have no "ReadableStream" object used in the request. This vulnerability affects Quarkus versions through 2.13.4.Final, 2.14.0.CR1 through 2.14.1.Final and 3.0.0.Alpha1.
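The failure mode in the summary, as an added example that is not Quarkus code: a simplified model of a CORS filter in which a disallowed Origin either only loses the CORS response header (flawed) or is stopped before the handler runs (hardened). The class, the allow-list, the sample origins and the 403 status are assumptions made for illustration.

```java
import java.util.List;
import java.util.Set;

// Simplified model of a CORS filter decision. Not Quarkus code; all names are hypothetical.
public class CorsOriginCheck {

    // Constructed allow-list. A real filter must also accept the service's own origin,
    // because browsers send Origin on same-origin POST requests too.
    static final Set<String> ALLOWED = Set.of("https://app.example.com");

    // status: HTTP status; handlerRuns: whether the application handler is invoked;
    // allowOrigin: Access-Control-Allow-Origin response header value, or null if omitted.
    record Outcome(int status, boolean handlerRuns, String allowOrigin) {}

    // Flawed behaviour: a disallowed Origin only loses the CORS response header.
    // The browser hides the response from the calling script, but the handler has
    // already run, so any state change made by a simple POST has taken effect.
    static Outcome flawed(String origin) {
        String header = (origin != null && ALLOWED.contains(origin)) ? origin : null;
        return new Outcome(200, true, header);
    }

    // Hardened behaviour: a request with a disallowed Origin stops in the filter.
    static Outcome hardened(String origin) {
        if (origin == null) {
            return new Outcome(200, true, null); // no Origin header: not a CORS request
        }
        if (!ALLOWED.contains(origin)) {
            return new Outcome(403, false, null); // handler is never invoked
        }
        return new Outcome(200, true, origin);
    }

    public static void main(String[] args) {
        // Constructed simple requests: {method, Origin header value}
        List<String[]> requests = List.of(
            new String[] {"GET", "https://app.example.com"},
            new String[] {"GET", "https://other.example"},
            new String[] {"POST", "https://other.example"});
        for (String[] r : requests) {
            System.out.printf("%-4s %-24s%n  flawed:   %s%n  hardened: %s%n",
                r[0], r[1], flawed(r[1]), hardened(r[1]));
        }
    }
}
```

Simple requests skip the preflight exchange, so the server-side check in the filter is the only point at which a disallowed Origin can be refused before the handler executes.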
- HIGH
- NETWORK
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- HIGH
References
Advisory Timeline
- Published