A flaw was found in the Quarkus Cache runtime. When request processing uses a Uni cached with @CacheResult, and the cached Uni reuses the initial "completion" context, processing switches to the context of the cached Uni instead of the request context. This is a problem if the cached Uni's context contains sensitive information. A malicious user could benefit from this, because a POST request could return the response that is meant for another user, giving access to sensitive data.
https://github.com/quarkusio/quarkus/issues/37078
This issue has been addressed in the following products:

Red Hat build of Quarkus 2.13.9, via RHSA-2023:7700: https://access.redhat.com/errata/RHSA-2023:7700
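
One way to check an application for the context switch described above, as an added example that is not code from the Quarkus project or the advisory. The endpoint, service and cache names are hypothetical, and it assumes the switch is observable by comparing Vertx.currentContext() before and after the cached Uni is consumed.

```java
// Added example (not Quarkus project code). javax.* imports match Quarkus 2.x.
import io.quarkus.cache.CacheResult;
import io.smallrye.mutiny.Uni;
import io.vertx.core.Context;
import io.vertx.core.Vertx;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;

@Path("/quote") // hypothetical endpoint
public class QuoteResource {

    @ApplicationScoped
    public static class RateService { // hypothetical cached service
        @Inject
        Vertx vertx;

        // The Uni is cached; its item is emitted from a Vert.x timer callback,
        // standing in for any asynchronous backend call.
        @CacheResult(cacheName = "rates")
        public Uni<String> rate(String currency) {
            return Uni.createFrom().emitter(em ->
                    vertx.setTimer(50, id -> em.complete(currency + ":1.00")));
        }
    }

    @Inject
    RateService rates;

    @POST
    public Uni<String> quote(String currency) {
        // Context that owns this request's state before the cached Uni is used.
        Context requestContext = Vertx.currentContext();
        return rates.rate(currency).onItem().transform(rate -> {
            // Context on which the continuation is running.
            Context current = Vertx.currentContext();
            if (current != requestContext) {
                // Fail closed: a null or foreign context must not build a reply.
                throw new WebApplicationException(
                        "context changed after cached Uni",
                        Response.Status.INTERNAL_SERVER_ERROR);
            }
            return rate;
        });
    }
}
```

Sending repeated POST requests to this endpoint in a test environment and watching for the 500 response shows whether continuations after the cached Uni still run on the request's own context.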