CVE-2023-6267

Improper Handling of Insufficient Permissions or Privileges in maven/io.quarkus.resteasy.reactive/resteasy-reactive

Identifiers

GHSA-8j3x-w35r-rw4r, CVE-2023-6267

Package Slug

maven/io.quarkus.resteasy.reactive/resteasy-reactive

Vulnerability

Improper Handling of Insufficient Permissions or Privileges

Description

A flaw was found in the handling of the JSON payload. If annotation-based security is used to secure a REST resource, the JSON body that the resource may consume is processed (deserialized) before the security constraints are evaluated and applied. This does not happen with configuration-based security.
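The two ways of securing an endpoint that the description contrasts, shown as an added illustration (not code from the advisory or from the Quarkus project). The package, class, path, role and policy names are hypothetical.

```java
package org.example; // hypothetical package

// Quarkus 3.x uses the jakarta.* namespace; Quarkus 2.13.x uses javax.* instead.
import jakarta.annotation.security.RolesAllowed;
import jakarta.ws.rs.Consumes;
import jakarta.ws.rs.POST;
import jakarta.ws.rs.Path;
import jakarta.ws.rs.core.MediaType;
import jakarta.ws.rs.core.Response;

@Path("/orders")
public class OrderResource {

    // Request body type. Per the advisory, in affected versions an instance
    // is deserialized from the request JSON before the @RolesAllowed
    // constraint on the method below is evaluated.
    public static class Order {
        public String item;
        public int quantity;
    }

    // Annotation-based security: the pattern the advisory describes.
    // To audit a code base, look for security annotations (such as
    // @RolesAllowed) on resource methods that accept a JSON request body.
    @POST
    @Consumes(MediaType.APPLICATION_JSON)
    @RolesAllowed("admin")
    public Response create(Order order) {
        return Response.status(Response.Status.CREATED).entity(order).build();
    }
}

/*
 * Configuration-based security for the same path (application.properties),
 * the form the advisory says is not affected, because the HTTP permission
 * check is applied to the request path rather than to the resource method:
 *
 *   quarkus.http.auth.policy.admin-only.roles-allowed=admin
 *   quarkus.http.auth.permission.orders.paths=/orders,/orders/*
 *   quarkus.http.auth.permission.orders.policy=admin-only
 */
```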

Affected Versions

All versions before 2.13.9.Final, and all versions starting from 3.0.0.Final before 3.2.9.Final

Solution

Upgrade to versions 2.13.9.Final, 3.2.9.Final or above.

Last Modified

2024-02-01
