CNNVD-202601-1182 Information

CNNVD ID

CNNVD-202601-1182

CVE-2025-66560

  • CNNVD Published: 2026-01-07

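Description (translated from Chinese)

Quarkus is an open-source, cloud-native (Linux) container-first framework from Quarkus for writing Java applications. Quarkus versions before 3.31.0, before 3.27.2, and before 3.20.5 contain a security vulnerability caused by improper response handling in the HTTP layer, which can lead to worker thread exhaustion, causing degraded performance or complete unavailability of the application.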

Description (English)

Quarkus is an open-source, cloud-native (Linux) container-first framework for writing Java applications. Quarkus versions prior to 3.31.0, 3.27.2 and 3.20.5 have a security vulnerability that stems from improper handling of responses at the HTTP layer, which may exhaust worker threads and result in degraded performance or the application becoming completely unavailable.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Quarkus

Published

2026-01-07

Last Modified

2026-02-24

References

https://github.com/quarkusio/quarkus/security/advisories/GHSA-5rfx-cp42-p624

Patch

https://quarkus.io/
