A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.
History

Sun, 24 Nov 2024 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-04-25T16:29:04.615Z

Updated: 2024-11-24T14:50:46.457Z

Reserved: 2024-02-21T21:51:58.713Z

Link: CVE-2024-1726

cve-icon Vulnrichment

Updated: 2024-08-01T18:48:21.934Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-04-25T17:15:48.257

Modified: 2024-11-21T08:51:10.430

Link: CVE-2024-1726

cve-icon Redhat

Severity : Low

Publid Date: 2024-02-19T00:00:00Z

Links: CVE-2024-1726 - Bugzilla