Red Hat Inc Resteasy vulnerabilities
3 known vulnerabilities affecting red_hat_inc/resteasy.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 3
Vulnerabilities
CVE-2016-9606 | HIGH | CVSS 8.1 | CWE-20 | v after 3.0.22, v after 3.1.2 | 2018-03-09
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
cvelistv5, nvd
CVE-2018-1051 | HIGH | CVSS 8.1 | CWE-20 | v after 3.0.22, v after 3.1.2 | 2018-01-25
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
cvelistv5
CVE-2017-7561 | HIGH | CVSS 7.5 | CWE-346 | v 3.0.7 through before 4.0.0Beta1 | 2017-09-13
Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.
cvelistv5, nvd