Vulnerability	Vulnerable Version
H Exposure of Resource to Wrong Sphere Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the `duplicated context` process. An attacker can access sensitive data from another transaction by triggering the duplication of an already duplicated context. Note: Duplicating a duplicated context is rather rare and is only done in a few places: Quarkus REST Client when using OTel (but it's the same transaction, so no leak) Quarkus Messaging connectors Quarkus SmallRye Health (same transaction, so no leak) How to fix Exposure of Resource to Wrong Sphere? A fix was pushed into the `master` branch but not yet published.	[3.15.4,)

Exposure of Resource to Wrong Sphere

Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere via the duplicated context process. An attacker can access sensitive data from another transaction by triggering the duplication of an already duplicated context.

Note:

Duplicating a duplicated context is rather rare and is only done in a few places:

Quarkus REST Client when using OTel (but it's the same transaction, so no leak)
Quarkus Messaging connectors
Quarkus SmallRye Health (same transaction, so no leak)

How to fix Exposure of Resource to Wrong Sphere?

A fix was pushed into the master branch but not yet published.

[3.15.4,)

Go back to all versions of this package