CVE-2022-4116: Improper Control of Generation of Code ('Code Injection')

November 22, 2022 (updated January 6, 2023)

A vulnerability was found in quarkus. This security flaw happens in Dev UI Config Editor which is vulnerable to drive-by localhost attacks leading to remote code execution.

References

access.redhat.com/security/cve/CVE-2022-4116
bugzilla.redhat.com/show_bug.cgi?id=2144748
github.com/advisories/GHSA-g56w-cwg4-hxx9
github.com/quarkusio/quarkus/discussions/29527
github.com/quarkusio/quarkus/discussions/29527
nvd.nist.gov/vuln/detail/CVE-2022-4116

Code Behaviors & Features

Detect and mitigate CVE-2022-4116 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →