VDB

CISA-2024-1726

CISA-2024-1726 PUBLISHED CVSS 5.3 MEDIUM

Reported by redhat · Published April 25, 2024

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
0, 3.3.0.CR1, 3.8.0.CR1
Red HatRed Hat build of Quarkus 3.2.11.Final3.2.11.Final-redhat-00001
Red HatRed Hat build of Quarkus
3.8.0, 0, 3.8.0.CR1
Red HatRed Hat build of Quarkus
Red HatRed Hat build of Quarkus 3.2.11.Final3.2.11.Final-redhat-00001, 3.2.11.Final-redhat-00001

Timeline

  • Apr 25, 2024 CVE Published
  • Nov 21, 2025 CVE Updated
  • Apr 26, 2026 Distribution Patch
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›