Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-4147

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

Published

2022-12-06T19:15:10.613

Last Modified

2025-04-14T18:15:25.110

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
CWE-1026

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	quarkus	quarkus	< 2.13.5	Yes
Application	quarkus	quarkus	< 2.14.2	Yes

References

https://access.redhat.com/security/cve/CVE-2022-4147 Vendor Advisory ([email protected])
https://access.redhat.com/security/cve/CVE-2022-4147 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)