Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework

Developers have been warned that the popular Quarkus framework is affected by a critical vulnerability that could lead to remote code execution. This week, Quarkus announced that patches for CVE-2022-4116 are included in the 2.14.2.Final and 2.13.5.Final releases of the framework, warning that attackers could exploit the bug to gain local access to development tools and urging developers to update as soon as possible. Because localhost-bound services are, in fact, accessible from the outside, an attacker can create a malicious website to target developers who are using vulnerable instances of Quarkus, the security researcher says.
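To act on the update advice, the following added example (not from Quarkus or the original article) checks the Quarkus version pinned in a project's `pom.xml` against the two fixed releases named above. The property names `quarkus.platform.version` and `quarkus.version`, the sample POM, and the treatment of branches newer than 2.14 as fixed are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Fixed releases named in the article, keyed by (major, minor) release branch.
PATCHED = {(2, 13): (2, 13, 5), (2, 14): (2, 14, 2)}
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z0-9]+))?$")

def classify(version_text):
    """Return 'patched', 'unpatched', 'unknown' or 'unparseable'."""
    m = VERSION_RE.match((version_text or "").strip())
    if m is None:
        return "unparseable"  # missing, or a ${property} reference
    numbers = tuple(int(g) for g in m.group(1, 2, 3))
    qualifier = m.group(4) or "Final"
    branch = numbers[:2]
    if branch in PATCHED:
        fixed = PATCHED[branch]
        if numbers != fixed:
            return "patched" if numbers > fixed else "unpatched"
        # Same numbers as the fix: a pre-release build (e.g. CR1) predates it.
        return "patched" if qualifier == "Final" else "unpatched"
    if branch > max(PATCHED):
        # Assumption: branches newer than 2.14 already carry the fix.
        return "patched"
    # The article names no fixed release for older branches.
    return "unknown"

def quarkus_version_from_pom(pom_xml):
    """Read the Quarkus version property from a pom.xml string, if present."""
    root = ET.fromstring(pom_xml)
    for element in root.iter():
        name = element.tag.rsplit("}", 1)[-1]  # strip the Maven namespace
        # Assumption: the version is pinned in one of these two properties.
        if name in ("quarkus.platform.version", "quarkus.version") and element.text:
            return element.text.strip()
    return None

# Constructed sample input, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties>
    <quarkus.platform.version>2.13.4.Final</quarkus.platform.version>
  </properties>
</project>"""

if __name__ == "__main__":
    version = quarkus_version_from_pom(SAMPLE_POM)
    print(version, classify(version))
```

A result of `unknown` means the project is on a branch for which the article lists no fixed release, so the project's own advisory should be consulted before treating it as safe.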

