CNNVD-202506-2951 Information

Jun 23, 2025 cve

CNNVD ID

CNNVD-202506-2951

CVE-2025-49574

CNNVD Published: 2025-06-23

Description (Chinese)

Quarkus是Quarkus开源的一个用于编写 Java 应用程序的云原生 (Linux) 容器优先框架。 Quarkus 3.24.0之前版本存在安全漏洞，该漏洞源于复制重复上下文时可能导致数据泄露。

Description (English)

Quarkus is a Linux packaging priority framework for the Quarkus open source for the preparation of Java applications. There is a security loophole in the pre-Quarkus 3.24.0 version, which stems from the potential for data leakage when replicating the context.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Quarkus

Published

2025-06-23

Last Modified

2026-02-24

References

https://github.com/quarkusio/quarkus/commit/d1ee57e7b826872b6355cfec0ae13465840e232c https://github.com/quarkusio/quarkus/commit/31e8a3bfcf4e223788615d5ce25eb929ca251275 https://github.com/quarkusio/quarkus/issues/48227 https://github.com/quarkusio/quarkus/releases/tag/3.24.1 https://github.com/quarkusio/quarkus/pull/48486 https://github.com/quarkusio/quarkus/security/advisories/GHSA-9623-mj7j-p9v4 https://github.com/quarkusio/quarkus/commit/2b58f59f4bf0bae7d35b1abb585b65f2a66787d1 https://access.redhat.com/security/cve/cve-2025-49574 https://vigilance.fr/vulnerability/Quarkus-read-write-access-via-Vert-x-Duplicated-Context-47504

Share on: