Code injection in quarkus dev ui config editor
Critical severity
GitHub Reviewed
Published
Nov 22, 2022
to the GitHub Advisory Database
•
Updated Jan 30, 2023
Package
Affected versions
>= 2.14.0, < 2.14.2.Final
< 2.13.5.Final
Patched versions
2.14.2.Final
2.13.5.Final
Description
Published by the National Vulnerability Database
Nov 22, 2022
Published to the GitHub Advisory Database
Nov 22, 2022
Reviewed
Nov 23, 2022
Last updated
Jan 30, 2023
Credits
-
jmini Analyst
A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.
References