CVE-2018-1051

CWE-20Improper Input ValidationCWE-502Deserialization of Untrusted Data11 documents8 sources
Severity
8.1HIGH
EPSS
0.7%
top 28.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
RED Hat, Inc. ResteasyRedhat Resteasy
Timeline
PublishedJan 25
Latest updateMay 13

Description

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages3 packages

Mavenorg.jboss.resteasy:resteasy-yaml-provider3.1.03.6.0.Final+1
NVDredhat/resteasy3.0.22, 3.1.2+1
CVEListV5red_hat,_inc./resteasyafter 3.0.22, after 3.1.2+1

🔴Vulnerability Details

4
OSV
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider2022-05-13
GHSA
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider2022-05-13
CVEList
CVE-2018-1051: It was found that the fix for CVE-2016-9606 in versions 32018-01-25
OSV
CVE-2018-1051: It was found that the fix for CVE-2016-9606 in versions 32018-01-25

💥Exploits & PoCs

1
Exploit-DB
Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion2018-04-03

📋Vendor Advisories

2
Red Hat
resteasy: Unsafe unmarshalling in YamlProvider allows code execution2018-01-18
Debian
CVE-2018-1051: resteasy - It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was inc...2018

💬Community

3
Bugzilla
CVE-2018-17967 ImageMagick: memory leak in ReadBGRImage in coders/bgr.c.2018-10-05
Bugzilla
CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution [fedora-all]2018-01-26
Bugzilla
CVE-2018-1051 resteasy: Unsafe unmarshalling in YamlProvider allows code execution2018-01-17
CVE-2018-1051 (HIGH CVSS 8.1) | It was found that the fix for CVE-2 | cvebase.io