CVE-2023-5720

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5720

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5720.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5720

Aliases

GHSA-p62q-5483-h57v

Published

2023-11-15T14:15:07Z

Modified

2024-10-11T08:28:52Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in Quarkus, where it does not properly sanitize artifacts created using the Gradle plugin, allowing certain build system information to remain. This flaw allows an attacker to access potentially sensitive information from the build system within the application.

References

Affected packages

Git / github.com/quarkusio/quarkus

Affected ranges

Type: GIT
Repo: https://github.com/quarkusio/quarkus
Events: Introduced

eef6e01e5d356c31d90af160b91ff08db32d533f

Fixed

36e8caf2be4cca8ca8759ca30a2bab8d5d35ab63