io.quarkus:quarkus-vertx-http
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.quarkus:quarkus-vertx-http
- CVE-2022-4147 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2.13.5.Final | 2022-12-06
vulnerable: 0.23.0 ... 2.9.2.Final (170 versions)
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest…
- CVE-2023-0044 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.13.7.Final | 2023-02-23
vulnerable: 0.23.0 ... 2.9.2.Final (172 versions)
If the Quarkus Form Authentication session cookie Path attribute is set to `/`, a cross-site attack may be initiated which might lead to information disclosure. This attack can be prevented with the Quarkus CSRF Prevention feature.
- CVE-2023-4853 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 3.3.3 | 2023-09-20
vulnerable: 3.3.0, 3.3.1, 3.3.2
A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass th…
- CVE-2026-39852 | HIGH | CVSS 8.2 | EG 8.2 | ✓ Fixed in 3.35.1.1 | 2026-05-05
vulnerable: 3.34.0 ... 3.35.1 (11 versions)
Quarkus is a Java framework for building cloud-native applications. In versions prior to 3.20.6.1, 3.27.3.1, 3.33.1.1, 3.35.1.1, 3.34.7, and 3.35.2, a path normalization inconsistency between the security layer and the routing layer allows…