CVE Published: 06/12/2023 |
CVE Updated: 23/11/2024 |
CVE Year: 2023 Source: redhat |
Vendor: Red Hat |
Product: Red Hat build of Quarkus 2.13.9.Final Status : PUBLISHED
CVE-2023-6393 Description
A flaw was found in the Quarkus Cache Runtime. When request processing utilizes a Uni cached using @CacheResult and the cached Uni reuses the initial "completion" context, the processing switches to the cached Uni instead of the request context. This is a problem if the cached Uni context contains sensitive information, and could allow a malicious user to benefit from a POST request returning the response that is meant for another user, gaining access to sensitive data.