Developers Warned of Critical Remote Code Execution Flaw in Quarkus Java Framework


Developers have been warned that the popular Quarkus framework contains a critical flaw that could allow remote code execution.

The open-source Quarkus Java framework for GraalVM and HotSpot virtual machines has been available since 2019. The security flaw, tracked as CVE-2022-4116 (CVSS score of 9.8), was found in the Dev UI Config Editor and can be exploited through drive-by localhost attacks. According to the security researcher who reported it, an attacker can build a malicious website that targets developers running vulnerable Quarkus instances: the developer's own browser, while visiting that site, can reach services bound to localhost that the developer assumes are unreachable from the outside. Because the Dev UI is part of Quarkus development mode, the target is a developer's workstation rather than a production deployment.


The underlying problem is that JavaScript on any web page can send certain requests (the CORS "simple requests", such as a GET or a form-encoded POST with no custom headers) to localhost without the browser issuing a preflight request. The browser only prevents the page from reading the cross-origin response; the request itself still reaches the Dev UI endpoint and is processed, which is all a state-changing endpoint such as a config editor needs to be abused.

