GHSA-p62q-5483-h57v
First published: Wed Nov 15 2023(Updated: )
A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/io.quarkus:quarkus-project | >=3.0.0.CR1<=3.5.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this flaw in Quarkus?
The vulnerability ID for this flaw in Quarkus is GHSA-p62q-5483-h57v.
What is the severity of GHSA-p62q-5483-h57v?
The severity of GHSA-p62q-5483-h57v is high with a severity value of 7.7.
How does this flaw occur in Quarkus?
This flaw occurs in Quarkus when it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain.
What can an attacker potentially access due to this flaw?
Due to this flaw, an attacker can potentially access sensitive information from the build system within the Quarkus application.
How can I fix this vulnerability in Quarkus?
To fix this vulnerability in Quarkus, make sure to update to a version that is not affected, such as versions after 3.5.1 or 3.0.0.CR1.
- collector/github-advisory-latest
- alias/GHSA-p62q-5483-h57v
- alias/CVE-2023-5720
- collector/github-advisory
- package-manager/maven