Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/4791?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4791?format=api", "vulnerability_id": "VCID-pje3-vvq8-p7hv", "summary": "RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and have other unspecified impact via unspecified vectors, related to an XML External Entity (XXE) issue. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0818.", "aliases": [ { "alias": "CVE-2014-3490" }, { "alias": "GHSA-qjpq-5pq3-43rr" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54375?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.9.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.9.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/20771?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.9.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.9.Final" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54370?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@2.3.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@2.3.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54371?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@2.3.8.SP1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@2.3.8.SP1" }, { "url": "http://public2.vulnerablecode.io/api/packages/54372?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/214818?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214819?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.1.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214820?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.2.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.2.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214821?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.3.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.3.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214822?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.4.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.4.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214823?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.5.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214824?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/214825?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.7.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.7.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/54373?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-client@3.0.8.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-17rd-f1mq-kfgr" }, { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-54ek-p545-k3fj" }, { "vulnerability": "VCID-aedf-8vvz-37cp" }, { "vulnerability": "VCID-jms5-sctw-mkc5" }, { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-client@3.0.8.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/20766?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@1.2.1-10.CP02_patch01", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@1.2.1-10.CP02_patch01" }, { "url": "http://public2.vulnerablecode.io/api/packages/20767?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.2.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.2.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20768?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.2.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.2.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150650?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.3.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.3.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150651?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.4.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.4.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150652?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.5.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150653?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150654?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.7.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.7.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150655?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@2.3.10.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150656?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/150657?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/150658?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/150659?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/150660?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/150661?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-beta-6" }, { "url": "http://public2.vulnerablecode.io/api/packages/150662?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-rc-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0-rc-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/20769?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3" }, { "url": "http://public2.vulnerablecode.io/api/packages/150663?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.0.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150664?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.1.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.1.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150665?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.2.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.2.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150666?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.3.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.3.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150667?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.4.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.4.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150668?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.5.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150669?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/150670?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.7.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.7.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/20770?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.8.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.0.8.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/121549?format=api", "purl": "pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6?arch=el7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6%3Farch=el7" }, { "url": "http://public2.vulnerablecode.io/api/packages/121550?format=api", "purl": "pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6?arch=el5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6%3Farch=el5" }, { "url": "http://public2.vulnerablecode.io/api/packages/121551?format=api", "purl": "pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6?arch=el6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/resteasy@2.3.8-5.SP1_redhat_1.1.ep6%3Farch=el6" }, { "url": "http://public2.vulnerablecode.io/api/packages/121548?format=api", "purl": "pkg:rpm/redhat/resteasy-base@2.3.5-3?arch=el7_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-pje3-vvq8-p7hv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/resteasy-base@2.3.5-3%3Farch=el7_0" } ], "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1011.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1011.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1039.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1040.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1040.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-1298.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-1298.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0125.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0675.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0720.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2015-0765.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3490.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3490.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3490", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89314", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89274", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89277", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89294", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89298", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89307", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89304", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89301", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.89254", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04646", "scoring_system": "epss", "scoring_elements": "0.8926", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3490" }, { "reference_url": "http://secunia.com/advisories/60019", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60019" }, { "reference_url": "https://github.com/resteasy/Resteasy/pull/521", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy/pull/521" }, { "reference_url": "https://github.com/resteasy/Resteasy/pull/533", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy/pull/533" }, { "reference_url": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ronsigal/Resteasy/commit/9b7d0f574cafdcf3bea5428f3145ab4908fc6d83" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/69058", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/69058" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107901", "reference_id": "1107901", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1107901" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:beta6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:beta6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:resteasy:3.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:resteasy:3.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://bugzilla.redhat.com/CVE-2014-3490", "reference_id": "CVE-2014-3490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/CVE-2014-3490" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3490", "reference_id": "CVE-2014-3490", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3490" }, { "reference_url": "https://github.com/advisories/GHSA-qjpq-5pq3-43rr", "reference_id": "GHSA-qjpq-5pq3-43rr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qjpq-5pq3-43rr" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1011", "reference_id": "RHSA-2014:1011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1039", "reference_id": "RHSA-2014:1039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1040", "reference_id": "RHSA-2014:1040", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1298", "reference_id": "RHSA-2014:1298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1904", "reference_id": "RHSA-2014:1904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0125", "reference_id": "RHSA-2015:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0234", "reference_id": "RHSA-2015:0234", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0234" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0235", "reference_id": "RHSA-2015:0235", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0235" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0675", "reference_id": "RHSA-2015:0675", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0675" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0720", "reference_id": "RHSA-2015:0720", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0720" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0765", "reference_id": "RHSA-2015:0765", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0765" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1009", "reference_id": "RHSA-2015:1009", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:1009" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 266, "name": "Incorrect Privilege Assignment", "description": "A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor." }, { "cwe_id": 611, "name": "Improper Restriction of XML External Entity Reference", "description": "The product processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output." } ], "exploits": [], "severity_range_score": "7.0 - 8.9", "exploitability": "0.5", "weighted_severity": "8.0", "risk_score": 4.0, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pje3-vvq8-p7hv" }