Improper Handling of Exceptional Conditions
CVE-2023-6267
Summary
A flaw was found in Quarkus in the handling of JSON payloads. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security. This vulnerability affects Quarkus package versions through 3.2.9.Final, 3.3.0.CR1 through 3.6.7, 3.7.0.CR1 and 3.7.0. NOTE: This shares the same fix commit as CVE-2023-5675.
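The two security styles the summary contrasts, shown side by side as an added example (not code from the advisory or from the Quarkus project). The resource class, payload type, path, role and policy names are hypothetical; the annotations and `quarkus.http.auth.*` keys are standard Quarkus.

```java
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;

// Hypothetical resource: class, path and role names are illustrative only.
@Path("/orders")
public class OrderResource {

    // Hypothetical JSON payload type consumed by the endpoint.
    public static class Order {
        public String item;
        public int quantity;
    }

    // Annotation-based security: the pattern the advisory describes.
    // On affected versions the request body is deserialized into Order
    // before the @RolesAllowed constraint is evaluated, so a caller
    // without the role still reaches the JSON deserialization step.
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @RolesAllowed("admin")
    public Response create(Order order) {
        return Response.accepted().build();
    }
}

/*
 * Configuration-based security for the same endpoint, placed in
 * application.properties. The advisory states that this style is not
 * affected: the HTTP permission policy is applied to the request path,
 * before the request reaches the resource method.
 *
 *   quarkus.http.auth.policy.orders-admin.roles-allowed=admin
 *   quarkus.http.auth.permission.orders.paths=/orders,/orders/*
 *   quarkus.http.auth.permission.orders.policy=orders-admin
 */
```

When auditing a code base on an affected version, resources that combine a security annotation with a JSON request body are the ones to review first.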
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-755 - Improper Handling of Exceptional Conditions
The software does not handle or incorrectly handles an exceptional condition.