Vulnerability	Vulnerable Version
H Path Equivalence io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications. Affected versions of this package are vulnerable to Path Equivalence in the `pathWithoutMatrixParams()` of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized access to protected static resources and retrieve sensitive information by circumventing path-based authorization controls. How to fix Path Equivalence? Upgrade `io.quarkus:quarkus-vertx-http` to version 3.20.6.2, 3.27.4.1, 3.33.2.1, 3.36.3, 3.37.0 or higher.	[,3.20.6.2)[3.21.0.CR1,3.27.4.1)[3.28.0.CR1,3.33.2.1)[3.34.0.CR1,3.36.3)[3.37.0.CR1,3.37.0)

Path Equivalence

io.quarkus:quarkus-vertx-http is a Cloud Native, (Linux) Container First framework for writing Java applications.

Affected versions of this package are vulnerable to Path Equivalence in the pathWithoutMatrixParams() of AbstractPathMatchingHttpSecurityPolicy via specially crafted HTTP requests containing encoded semicolons, slashes, or backslashes in the request path. An attacker can gain unauthorized access to protected static resources and retrieve sensitive information by circumventing path-based authorization controls.

How to fix Path Equivalence?

Upgrade io.quarkus:quarkus-vertx-http to version 3.20.6.2, 3.27.4.1, 3.33.2.1, 3.36.3, 3.37.0 or higher.

[,3.20.6.2)[3.21.0.CR1,3.27.4.1)[3.28.0.CR1,3.33.2.1)[3.34.0.CR1,3.36.3)[3.37.0.CR1,3.37.0)

Go back to all versions of this package