Impact
The request payload is deserialized before the signature check has taken place.
While not a vulnerability per se, this can become a problem if there is a vulnerability in the underlying library we use to deserialize the payload, namely Jackson, because unauthenticated input reaches the parser.
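The ordering that avoids this exposure, as an added example (not Quarkus GitHub App's own code): the HMAC is checked over the raw body bytes, and Jackson only runs once the check passes. The class name, the secret, and the sample payload are constructed for illustration; the `sha256=<hex>` header format is assumed to be the one GitHub sends in `X-Hub-Signature-256`.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class VerifyThenParse { // hypothetical class name
    private static final ObjectMapper MAPPER = new ObjectMapper();
    private static final String PREFIX = "sha256=";

    // HMAC-SHA256 over the body bytes exactly as received (no re-encoding).
    static byte[] hmac(byte[] secret, byte[] body) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(body);
    }

    // Returns the parsed payload only when the signature matches, so Jackson
    // never processes unauthenticated bytes.
    static JsonNode verifyThenParse(byte[] secret, String signatureHeader, byte[] rawBody)
            throws Exception {
        if (signatureHeader == null || !signatureHeader.startsWith(PREFIX)) {
            throw new SecurityException("missing or malformed signature header");
        }
        byte[] provided;
        try {
            provided = HexFormat.of().parseHex(signatureHeader.substring(PREFIX.length()));
        } catch (IllegalArgumentException e) {
            throw new SecurityException("signature is not valid hex");
        }
        // Constant-time comparison of the expected and provided MACs.
        if (!MessageDigest.isEqual(hmac(secret, rawBody), provided)) {
            throw new SecurityException("signature mismatch");
        }
        return MAPPER.readTree(rawBody); // deserialization happens last
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-test-secret".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] body = "{\"action\":\"opened\"}".getBytes(StandardCharsets.UTF_8);   // constructed
        String good = PREFIX + HexFormat.of().formatHex(hmac(secret, body));
        System.out.println(verifyThenParse(secret, good, body).get("action").asText());
        try {
            verifyThenParse(secret, PREFIX + "00".repeat(32), body); // wrong MAC
        } catch (SecurityException e) {
            System.out.println("rejected before parsing: " + e.getMessage());
        }
    }
}
```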
Patches
Users should upgrade to either Quarkus GitHub App 2.0.1 or 1.17.1.
Workarounds
No workarounds.