GHSA-mv64-86g8-cqq7: Quarkus: security checks in resteasy reactive may trigger a denial of service

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

Source: ghsa. Tags: #vulnerability #dos #git #java #maven

CVE-2024-1726 (GitHub Advisory Database, GitHub Reviewed)

Moderate severity GitHub Reviewed Published Apr 25, 2024 to the GitHub Advisory Database • Updated Apr 25, 2024

Package: io.quarkus.resteasy.reactive:resteasy-reactive (Maven)

Affected versions:
= 3.8.0.CR1
>= 3.3.0.CR1, < 3.7.4
< 3.2.11.Final

Patched versions:
3.8.0
3.7.4
3.2.11.Final
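The affected and patched version lists above are the actionable part of this advisory for a defender: the question is whether a given build of resteasy-reactive falls inside one of the three ranges and, if so, which release to move to. The following checker is an added example written for this page, not code from the advisory or from the Quarkus project. It encodes the page's ranges verbatim and uses a deliberately simplified, assumed subset of Maven's version ordering (pre-release qualifiers such as CR1 sort before the release build; "Final", "GA" and a missing qualifier all mean a release), which is enough for the version strings on this page; the sample dependency list at the bottom is constructed.

```python
import re
from typing import List, Optional, Tuple

# Ranges copied from the advisory (GHSA-mv64-86g8-cqq7 / CVE-2024-1726) for the
# Maven artifact io.quarkus.resteasy.reactive:resteasy-reactive.
AFFECTED_RANGES: List[str] = [
    "= 3.8.0.CR1",
    ">= 3.3.0.CR1, < 3.7.4",
    "< 3.2.11.Final",
]
PATCHED_VERSIONS: List[str] = ["3.8.0", "3.7.4", "3.2.11.Final"]

# Assumption: simplified Maven-style qualifier ordering. Pre-release qualifiers sort
# before a release; "final", "ga" and no qualifier at all denote a release build.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "rc": 2, "final": 3, "ga": 3, "": 3}

VersionKey = Tuple[int, int, int, int, int]  # major, minor, patch, qualifier rank, qualifier number


def version_key(text: str) -> VersionKey:
    """Turn a Quarkus version string such as '3.8.0.CR1' into a comparable tuple."""
    numbers: List[int] = []
    qualifier = ""
    for part in text.strip().split("."):
        if part.isdigit() and len(numbers) < 3:
            numbers.append(int(part))
        else:
            qualifier = part
            break
    while len(numbers) < 3:
        numbers.append(0)
    m = re.fullmatch(r"([A-Za-z]*)(\d*)", qualifier)
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    name, num = m.group(1).lower(), m.group(2)
    if name not in QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier {name!r} in {text!r}")
    return (numbers[0], numbers[1], numbers[2], QUALIFIER_RANK[name], int(num or 0))


# One constraint is an operator followed by a version; ranges join constraints with commas.
_CONSTRAINT = re.compile(r"(>=|<=|=|<|>)\s*([^\s,]+)")
_OPS = {
    "=": lambda a, b: a == b,
    "<": lambda a, b: a < b,
    "<=": lambda a, b: a <= b,
    ">": lambda a, b: a > b,
    ">=": lambda a, b: a >= b,
}


def matches_range(version: str, range_text: str) -> bool:
    """True when the version satisfies every constraint in the comma-separated range."""
    constraints = _CONSTRAINT.findall(range_text)
    if not constraints:
        raise ValueError(f"no constraints found in {range_text!r}")
    key = version_key(version)
    return all(_OPS[op](key, version_key(bound)) for op, bound in constraints)


def is_affected(version: str) -> bool:
    """True when the version lies in any of the advisory's affected ranges."""
    return any(matches_range(version, r) for r in AFFECTED_RANGES)


def recommended_fix(version: str) -> Optional[str]:
    """Smallest patched release not older than the given version; None if it is not affected."""
    if not is_affected(version):
        return None
    key = version_key(version)
    candidates = [p for p in PATCHED_VERSIONS if version_key(p) >= key]
    return min(candidates, key=version_key)


def audit(dependency_lines: List[str]) -> List[Tuple[str, str]]:
    """Scan 'group:artifact:version' lines and return (version, fix) pairs for affected entries."""
    findings: List[Tuple[str, str]] = []
    for line in dependency_lines:
        group_artifact, _, version = line.strip().rpartition(":")
        if group_artifact != "io.quarkus.resteasy.reactive:resteasy-reactive":
            continue
        fix = recommended_fix(version)
        if fix is not None:
            findings.append((version, fix))
    return findings


if __name__ == "__main__":
    # Constructed sample input; not output from any real build.
    sample = [
        "io.quarkus.resteasy.reactive:resteasy-reactive:3.7.3",
        "io.quarkus.resteasy.reactive:resteasy-reactive:3.8.0",
        "io.quarkus:quarkus-core:3.7.3",
    ]
    for version, fix in audit(sample):
        print(f"resteasy-reactive {version} is affected by CVE-2024-1726; upgrade to {fix}")
```

The audit function matches only the artifact named in this advisory, so other Quarkus artifacts in the list are ignored; extend the artifact check if the build declares the dependency through a different coordinate.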


Related news

Red Hat Security Advisory 2024-1662-03

Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.