CVE-2022-2466: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

September 1, 2022 (updated September 16, 2022)

It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior.

References

github.com/advisories/GHSA-mwhw-6p27-4crc
github.com/quarkusio/quarkus/issues/26748
github.com/quarkusio/quarkus/releases/tag/2.10.4.Final
nvd.nist.gov/vuln/detail/CVE-2022-2466

Detect and mitigate CVE-2022-2466 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →