Known Vulnerabilities for products from Quarkus
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Quarkus".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-21724 | pgjdbc is the official PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doin... | 9.8 - CRITICAL | 2022-02-02 | 2023-11-07 |
| CVE-2022-21363 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected ... | 6.6 - MEDIUM | 2022-01-19 | 2022-05-27 |
| CVE-2021-43797 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2021-12-09 | 2023-02-24 |
| CVE-2021-38153 | Some components in Apache Kafka use `Arrays.equals` to validate a password or key, which is vulnerable to timing attacks that... | 5.9 - MEDIUM | 2021-09-22 | 2023-11-07 |
| CVE-2021-37714 | jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may ... | 7.5 - HIGH | 2021-08-18 | 2023-11-07 |
| CVE-2021-37137 | The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it ... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
| CVE-2021-37136 | The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affec... | 7.5 - HIGH | 2021-10-19 | 2023-11-07 |
| CVE-2021-29429 | In Gradle before version 7.0, files created with open permissions in the system temporary directory can allow an attacker to ... | 5.5 - MEDIUM | 2021-04-12 | 2021-10-20 |
| CVE-2021-29428 | In Gradle before version 7.0, on Unix-like systems, the system temporary directory can be created with open permissions that ... | 7.8 - HIGH | 2021-04-13 | 2021-10-20 |
| CVE-2021-29427 | In Gradle from version 5.1 and before version 7.0 there is a vulnerability which can lead to information disclosure and/or de... | 7.2 - HIGH | 2021-04-13 | 2021-10-20 |
| CVE-2021-28170 | In the Jakarta Expression Language implementation 3.0.3 and earlier, a bug in the ELParserTokenManager enables invalid EL exp... | 5.3 - MEDIUM | 2021-05-26 | 2022-04-25 |
| CVE-2021-26291 | Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising... | 9.1 - CRITICAL | 2021-04-23 | 2023-11-07 |
| CVE-2021-21409 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-30 | 2023-11-07 |
| CVE-2021-21295 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.9 - MEDIUM | 2021-03-09 | 2023-11-07 |
| CVE-2021-21290 | Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high p... | 5.5 - MEDIUM | 2021-02-08 | 2023-11-07 |
| CVE-2021-20328 | Specific versions of the Java driver that support client-side field level encryption (CSFLE) fail to perform correct host nam... | 6.8 - MEDIUM | 2021-02-25 | 2021-06-11 |
| CVE-2021-20289 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned ... | 5.3 - MEDIUM | 2021-03-26 | 2022-05-10 |
| CVE-2021-3642 | A flaw was found in Wildfly Elytron in versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final where... | 5.3 - MEDIUM | 2021-08-05 | 2021-10-20 |
| CVE-2021-2471 | Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected ... | 5.9 - MEDIUM | 2021-10-20 | 2022-04-28 |
| CVE-2020-28491 | This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 a... | 7.5 - HIGH | 2021-02-18 | 2022-12-06 |
Known software with vulnerabilities from Quarkus
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Quarkus | Gizmo | 1.0.0 |
| Application | Quarkus | Quarkus | 0.0.1 |
| Application | Quarkus | Quarkus-http | 3.0.0 |
| Application | Quarkus | Quarkus-security | 1.0.0 |