CVSS: 8.1EPSS: 4%CPEs: 18EXPL: 1CVE-2023-4853 – Quarkus: http security policy bypass
https://notcve.org/view.php?id=CVE-2023-4853
15 Sep 2023 — A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. Se encontró una falla en Quarkus donde las políticas de seguridad HTTP no sanitiza correctamente ciertas permutaciones de caracteres al aceptar solicitudes, lo que res... • https://access.redhat.com/errata/RHSA-2023:5170 • CWE-148: Improper Neutralization of Input Leaders CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3703 – serverless: incomplete fix for CVE-2021-27918 / CVE-2021-31525 / CVE-2021-33196
https://notcve.org/view.php?id=CVE-2021-3703
16 Sep 2021 — It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. Se ha detectado que las vulnerabilidades CVE-2021-27918, CVE-2021-31525 y CVE-2021-33196 se han mencionado incorrectamente como corregidas en RHSA para Serverless versión 1.16.0 y Serverless client kn versión 1.16.0. Estos han sido corregidos con Serverless versión 1.17.0. CVE-2021-27918, ... • https://access.redhat.com/security/cve/CVE-2021-3703 •