admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-17xx/CVE-2024-1726.json
cad-safe-bot 9d8babeec3 Auto-Update: 2024-07-14T02:00:17.787041+00:00
2024-07-14 02:06:08 +00:00

68 lines
2.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-1726",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-04-25T17:15:48.257",
"lastModified": "2024-04-25T17:24:59.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una falla en la implementaci\u00f3n RESTEasy Reactive en Quarkus. Debido a que se realizan comprobaciones de seguridad para algunos endpoints JAX-RS despu\u00e9s de la serializaci\u00f3n, se consumen m\u00e1s recursos de procesamiento mientras se verifica la solicitud HTTP. En determinadas configuraciones, si un atacante tiene conocimiento de las rutas de solicitud POST, PUT o PATCH, puede identificar endpoints vulnerables y desencadenar un uso excesivo de recursos a medida que los endpoints procesan las solicitudes. Esto puede resultar en una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:1662",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1726",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265158",
"source": "secalert@redhat.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink