io.quarkus:quarkus-vertx-http@2.13.2.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.quarkus:quarkus-vertx-http package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Access Restriction Bypass

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Access Restriction Bypass when using HTTP security path-based rules to protect HTTP endpoints. This issue allows unauthorized access to secured paths—such as /a/protected/path simply by adding an extra slash, like so: /a/protected//path.

How to fix Access Restriction Bypass?

Upgrade io.quarkus:quarkus-vertx-http to version 2.16.11.Final, 3.2.6.Final, 3.3.3 or higher.

[,2.16.11.Final) [3.2.0,3.2.6.Final) [3.3.0,3.3.3)
  • M
Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') such that the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.

How to fix Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')?

Upgrade io.quarkus:quarkus-vertx-http to version 2.16.8.Final, 3.2.1.Final or higher.

[,2.16.8.Final) [3.0.0.Alpha1,3.2.1.Final)
  • M
Cross-site Scripting (XSS)

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, if the Quarkus Form Authentication session cookie Path attribute is set to /.

Note: This attack can be prevented with the Quarkus CSRF Prevention feature.

How to fix Cross-site Scripting (XSS)?

Upgrade io.quarkus:quarkus-vertx-http to version 2.13.7.Final or higher.

[,2.13.7.Final)
  • H
Access Restriction Bypass

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Access Restriction Bypass via the CORS filter which allows simple GET and POST requests with invalid Origin to proceed.

How to fix Access Restriction Bypass?

Upgrade io.quarkus:quarkus-vertx-http to version 2.7.7.Final, 2.13.5.Final, 2.14.2.Final or higher.

[,2.7.7.Final) [2.8.0.CR1,2.13.5.Final) [2.14.0.CR1,2.14.2.Final)