A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.quarkus:quarkus-rest (Maven) | 3.16.0.CR1 | 3.18.2 | N/A |
| io.quarkus:quarkus-rest-deployment (Maven) | 3.16.0.CR1 | 3.18.2 | N/A |
| io.quarkus:quarkus-rest (Maven) | 3.9.0.CR1 | 3.15.3.1 | N/A |
| io.quarkus:quarkus-rest-deployment (Maven) | 3.9.0.CR1 | 3.15.3.1 | N/A |
| io.quarkus:quarkus-rest (Maven) | 0 | 3.8.6.1 | N/A |
| io.quarkus:quarkus-rest-deployment (Maven) | 0 | 3.8.6.1 | N/A |
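
A triage check for the three affected ranges in the table above, added here as an example (it is not code from the advisory or from the Quarkus project). The version ordering is a simplified stand-in for Maven's, and the `mvn dependency:list` line format and the sample lines are assumptions.

```python
import re

# Ranges from the advisory table: (introduced, fixed); "fixed" is exclusive.
AFFECTED_RANGES = [("0", "3.8.6.1"), ("3.9.0.CR1", "3.15.3.1"), ("3.16.0.CR1", "3.18.2")]
PACKAGES = ("io.quarkus:quarkus-rest", "io.quarkus:quarkus-rest-deployment")
_VERSION = re.compile(r"(\d+(?:\.\d+)*)(?:[.-](?:CR(\d+)|Final))?", re.IGNORECASE)
# Assumed input: "group:artifact:jar:version:scope" lines as printed by
# `mvn dependency:list` (entries that carry a classifier are not handled).
_DEP = re.compile(r"(io\.quarkus:quarkus-rest(?:-deployment)?):jar:([^:\s]+)")


def version_key(version):
    """Sort key for versions like 3.15.3.1, 3.16.0.CR1 or 3.18.2.
    Simplified, not full Maven semantics: numeric segments compare numerically
    (missing ones count as 0) and a CRn qualifier sorts before the release."""
    m = _VERSION.fullmatch(version.strip())
    if not m or m.group(1).count(".") > 5:
        raise ValueError(f"unsupported version format: {version!r}")
    nums = [int(part) for part in m.group(1).split(".")]
    nums += [0] * (6 - len(nums))
    qualifier = (0, int(m.group(2))) if m.group(2) else (1, 0)
    return tuple(nums) + qualifier


def is_affected(coordinate, version):
    """True if coordinate:version falls inside one of the advisory's ranges."""
    if coordinate not in PACKAGES:
        return False
    key = version_key(version)
    return any(version_key(lo) <= key < version_key(hi) for lo, hi in AFFECTED_RANGES)


def find_affected(dependency_lines):
    """(coordinate, version) pairs from dependency-list lines that are affected."""
    found = (m.groups() for m in map(_DEP.search, dependency_lines) if m)
    return [(c, v) for c, v in found if is_affected(c, v)]


# Constructed sample input, not taken from a real build.
SAMPLE = [
    "[INFO]    io.quarkus:quarkus-rest:jar:3.17.8:compile",
    "[INFO]    io.quarkus:quarkus-rest-deployment:jar:3.15.3.1:compile",
    "[INFO]    io.quarkus:quarkus-arc:jar:3.17.8:compile",
]

if __name__ == "__main__":
    print(find_affected(SAMPLE))
```

The ranges are per release branch, so a single "older than 3.18.2" comparison gives the wrong answer: 3.15.3.1 is fixed while the numerically later 3.17.8 is still affected.
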
CVSS Metrics