A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-09-20T09:47:32.150Z
Updated: 2024-11-23T01:02:43.871Z
Reserved: 2023-09-08T16:10:38.379Z
Link: CVE-2023-4853
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-09-20T10:15:14.947
Modified: 2024-11-21T08:36:06.910
Link: CVE-2023-4853
Redhat