This is a collision attack on long IDs (64bits) for PGP keys. Users of dependency verification in Gradle are vulnerable if they use long IDs for PGP keys in a trusted-key or pgp element in their dependency verification metadata file. Grandle between 6.2 to 7.6 are impacted by this issue.
quarkus looks to rebundle gradle in its launcher; amq-st ships a wrapper but not the actual code
This issue has been addressed in the following products: Red Hat build of Quarkus 2.13.8 Via RHSA-2023:3809 https://access.redhat.com/errata/RHSA-2023:3809
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-26053