CVE-2024-1726

low-risk
Published 2024-04-25

A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any POST, PUT, or PATCH request paths, they can potentially identify vulnerable endpoints and trigger excessive resource usage as the endpoints process the requests. This can result in a denial of service.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

References (6)

https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/security/cve/CVE-2024-1726
https://bugzilla.redhat.com/show_bug.cgi?id=2265158
https://access.redhat.com/errata/RHSA-2024:1662
https://access.redhat.com/security/cve/CVE-2024-1726
https://bugzilla.redhat.com/show_bug.cgi?id=2265158
26
/ 100
low-risk
Severity 21/34 · High
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal