VDB
CISA-2024-1726
CISA-2024-1726
PUBLISHED
CVSS 5.3 MEDIUM
Reported by redhat · Published April 25, 2024
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0, 3.3.0.CR1, 3.8.0.CR1 | ||
| Red Hat | Red Hat build of Quarkus 3.2.11.Final | 3.2.11.Final-redhat-00001 |
| Red Hat | Red Hat build of Quarkus | |
| 3.8.0, 0, 3.8.0.CR1 | ||
| Red Hat | Red Hat build of Quarkus | |
| Red Hat | Red Hat build of Quarkus 3.2.11.Final | 3.2.11.Final-redhat-00001, 3.2.11.Final-redhat-00001 |
Timeline
- Apr 25, 2024 CVE Published
- Nov 21, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
References
- RHSA-2024:1662 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2265158 issue-trackingx_refsource_REDHAT