GHSA-mv64-86g8-cqq7: Quarkus: security checks in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.
CVE-2024-1726
Moderate severity GitHub Reviewed Published Apr 25, 2024 to the GitHub Advisory Database • Updated Apr 25, 2024
Package
io.quarkus.resteasy.reactive:resteasy-reactive (Maven)
Affected versions | Patched versions
= 3.8.0.CR1 | 3.8.0
>= 3.3.0.CR1, < 3.7.4 | 3.7.4
< 3.2.11.Final | 3.2.11.Final
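A version check against the affected ranges listed above, as an added example that is not part of the advisory or the Quarkus project. The function names and the simplified version ordering (three numeric components plus an optional `CR<n>` or `Final` qualifier) are assumptions.

```python
import re

# Affected ranges copied from this advisory: (low, low_inclusive, high, high_inclusive).
AFFECTED = [
    ("3.8.0.CR1", True, "3.8.0.CR1", True),   # = 3.8.0.CR1
    ("3.3.0.CR1", True, "3.7.4", False),      # >= 3.3.0.CR1, < 3.7.4
    (None, True, "3.2.11.Final", False),      # < 3.2.11.Final
]

def version_key(version):
    """Sort key for versions shaped like 3.7.4, 3.2.11.Final or 3.8.0.CR1.

    Simplification (assumption): only the CR<n> and Final qualifiers are
    understood; anything else raises instead of being guessed at.
    """
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:\.(Final|CR(\d+)))?", version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    major, minor, patch = (int(m.group(i)) for i in (1, 2, 3))
    if m.group(5) is not None:
        qualifier = (0, int(m.group(5)))   # release candidate sorts before the release
    else:
        qualifier = (1, 0)                 # plain release and .Final compare equal
    return (major, minor, patch) + qualifier

def is_affected(version):
    """True if the version falls inside any affected range from the advisory."""
    v = version_key(version)
    for low, low_inc, high, high_inc in AFFECTED:
        if low is None:
            above = True
        else:
            above = v >= version_key(low) if low_inc else v > version_key(low)
        below = v <= version_key(high) if high_inc else v < version_key(high)
        if above and below:
            return True
    return False

if __name__ == "__main__":
    # Constructed sample versions, one on each side of every range boundary.
    for sample in ["3.2.10.Final", "3.2.11.Final", "3.6.9", "3.7.4", "3.8.0.CR1", "3.8.0"]:
        print(sample, "affected" if is_affected(sample) else "not affected")
```

Feed it the resolved `resteasy-reactive` version from a dependency report; an unrecognised qualifier raises `ValueError` so it can be reviewed by hand.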
Related news
Red Hat Security Advisory 2024-1662-03 - An update is now available for Red Hat build of Quarkus. Issues addressed include denial of service, information leakage, and memory leak vulnerabilities.