CVE-2024-1726 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-1726 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

EPSS 0.03% · 10.0th percentile

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Score

0.03%

10.0th percentile

Affected Products

Vendor	Product	Versions
		0, 3.3.0.CR1, 3.8.0.CR1
Red Hat	Red Hat build of Quarkus 3.2.11.Final	3.2.11.Final-redhat-00001, 3.2.11.Final-redhat-00001, 3.2.11.Final-redhat-00001
Red Hat	Red Hat build of Quarkus
Maven	io.quarkus.resteasy.reactive:resteasy-reactive	3.8.0.CR1, 3.8.0.CR1, 3.3.0.CR1

Timeline

Feb 22, 2024 PoC Published
Apr 25, 2024 CVE Published
Apr 26, 2024 EPSS Score
May 20, 2024 EPSS Score
Jun 14, 2024 EPSS Score
Jul 8, 2024 EPSS Score
Jul 31, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 21, 2024 EPSS Score
Oct 4, 2024 Coalition ESS Score
Oct 15, 2024 EPSS Score
Nov 8, 2024 EPSS Score

References

Open in Interactive Console →