CVE-2022-4147
Last modified
CVE-2022-4147 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.. EPSS estimates a 0.58% chance of exploitation in the next 30 days.
Description
Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Quarkus | Quarkus | >= 2.0, < 2.13.5 |
| Quarkus | Quarkus | >= 2.14.0, < 2.14.2 |
References
- https://access.redhat.com/security/cve/CVE-2022-4147Vendor Advisory
- https://access.redhat.com/security/cve/CVE-2022-4147Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-4147?
How severe is CVE-2022-4147?
How do I fix CVE-2022-4147?
Are you affected by CVE-2022-4147?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST