Quarkus: >> Quarkus >> 2.10.3 Security Vulnerabilities
In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.
CVSS Score
7.5
EPSS Score
0.002
Published
2022-10-02
It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.
CVSS Score
9.8
EPSS Score
0.122
Published
2022-08-31
Page 2