io.quarkus:quarkus-core

Maven2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting io.quarkus:quarkus-corepage 1 of 1

CVE-2023-2974MEDIUMCVSS 6.5EG 6.5✓ Fixed in 2.16.8.Final
2023-07-04
vulnerable: 0.11.0 ... 2.9.2.Final (213 versions)
A vulnerability was found in quarkus-core. This vulnerability occurs because the TLS protocol configured with quarkus.http.ssl.protocols is not enforced, and the client can force the selection of the weaker supported TLS protocol.
CVE-2024-2700HIGHCVSS 7.0EG 7.0✓ Fixed in 3.2.12.Final
2024-04-04
vulnerable: 0.11.0 ... 3.2.9.Final (250 versions)
A vulnerability was found in the quarkus-core component. Quarkus captures local environment variables from the Quarkus namespace during the application's build, therefore, running the resulting application inherits the values captured at b…

Check whether io.quarkus:quarkus-core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.quarkus:quarkus-core CVEs against the assets you own.

Start Free Scan →