Description
A flaw was found in the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat build of OptaPlanner 8 | quarkus-resteasy-reactive | Affected | | |
| Red Hat Fuse 7 | resteasy | Not affected | | |
| Red Hat Integration Camel K 1 | resteasy-core | Fix deferred | | |
| Red Hat Integration Camel Quarkus 2 | quarkus-resteasy-reactive | Not affected | | |
| Red Hat build of Quarkus 2.13.9.Final | io.quarkus/quarkus-resteasy | Fixed | RHSA-2024:0494 | 25.01.2024 |
| Red Hat build of Quarkus 3.2.9.Final | io.quarkus/quarkus-resteasy | Fixed | RHSA-2024:0495 | 25.01.2024 |
Additional information
CVSS3: 8.6 High
Related vulnerabilities
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability