| purl | pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-qktn-umfn-dkhv (aliases: CVE-2020-10688, GHSA-29qj-rvv6-qrmv) | Cross-site scripting in RESTEasy: a cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17rd-f1mq-kfgr | Exposure of Sensitive Information to an Unauthorized Actor: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | CVE-2016-6345, GHSA-vxhj-3x7p-jxp5 |
| VCID-1um9-45xa-nbaf | Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy: a flaw was found in RESTEasy where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. | CVE-2020-25724, GHSA-9699-gm7f-cmjv |
| VCID-6265-k551-gyfv | Uncontrolled Resource Consumption: a vulnerability was found in RESTEasy where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. | CVE-2020-14326, GHSA-37g7-8vjj-pjpj |
| VCID-6qhb-4jya-hffz | Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP: Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact. | CVE-2017-7561, GHSA-57q5-x8jf-g7h8 |
| VCID-7uh1-a5ng-rqch | JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | CVE-2016-6348, GHSA-9xfc-j5mf-9w5p |
| VCID-aedf-8vvz-37cp | Improper Input Validation in RESTEasy: a flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | CVE-2020-1695, GHSA-63cq-ppq8-cw6g |
| VCID-jms5-sctw-mkc5 | Cross-site Scripting: cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2016-6347, GHSA-r346-rmrg-qpgh |
| VCID-kg6v-ry5e-2qbh | RESTEasy: SerializableProvider enabled by default and deserializes untrusted data. | CVE-2016-7050 |
| VCID-p3uc-ee2b-fff5 | Improper Input Validation: JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data, which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | CVE-2016-9606, GHSA-hgjr-xwj3-jfvw |
| VCID-wbgc-tuj3-47by | Uncontrolled Resource Consumption: RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors. | CVE-2016-6346, GHSA-wxvr-vqfp-9cqw |
| VCID-wjgt-y2vt-63gs | Deserialization of Untrusted Data: Resteasy allows Yaml unmarshalling via `Yaml.load()` in `YamlProvider`. | CVE-2018-1051, GHSA-m2fv-3rqm-g7p5 |
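The advisories above quote their affected ranges in upstream RESTEasy version numbers (for example "before 3.11.1.Final and before 4.5.3.Final"), while the package on this page is identified by a Debian purl whose version `3.0.26-2` carries a Debian revision. The script below is an added example, not code from this page or from VulnerableCode: it parses the purl, strips the Debian epoch and revision to recover the upstream version, and compares that against the first fixed upstream version for the matching major branch. The purl grammar is the subset needed for the purls shown here; the qualifier ordering Alpha < Beta < CR < Final and the `FIXED_IN` table (compiled from the advisory text above) are assumptions of this example.

```python
"""Added example (not VulnerableCode's code): triage a purl against the
upstream fix versions quoted in the advisories on this page."""
import re
from urllib.parse import parse_qs, unquote

# Subset of the purl grammar: pkg:type/namespace/name@version?qualifiers#subpath
PURL_RE = re.compile(
    r"^pkg:(?P<type>[^/]+)/(?:(?P<namespace>[^@?#]+)/)?(?P<name>[^/@?#]+)"
    r"(?:@(?P<version>[^?#]+))?(?:\?(?P<qualifiers>[^#]+))?(?:#(?P<subpath>.*))?$"
)

# Purl of the package this page describes (taken from the page itself).
PAGE_PURL = "pkg:deb/debian/resteasy3.0@3.0.26-2?distro=trixie"

# First fixed upstream version per major branch, as quoted in the advisories
# above. Branches an advisory does not mention are left out on purpose.
FIXED_IN = {
    "CVE-2020-10688": {3: "3.11.1.Final", 4: "4.5.3.Final"},
    "CVE-2020-1695": {3: "3.12.0.Final", 4: "4.6.0.Final"},
    "CVE-2016-9606": {3: "3.1.2"},
}

# Assumed ordering of RESTEasy release qualifiers; a bare version counts as Final.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}


def parse_purl(purl):
    """Split a purl into its components; qualifiers become a dict."""
    m = PURL_RE.match(purl)
    if m is None:
        raise ValueError(f"not a purl: {purl!r}")
    raw = m.groupdict()
    fields = {k: unquote(v) if v is not None else None
              for k, v in raw.items() if k != "qualifiers"}
    fields["qualifiers"] = {k: v[0] for k, v in parse_qs(raw["qualifiers"] or "").items()}
    return fields


def debian_upstream_version(debian_version):
    """'1:3.0.26-2' -> '3.0.26': drop the epoch and the Debian revision."""
    no_epoch = debian_version.split(":", 1)[-1]
    return no_epoch.rsplit("-", 1)[0]


def version_key(version):
    """Sort key: numeric components (padded to three), then qualifier rank
    and qualifier number, so 2.0.0.Alpha3 < 2.0.0.CR1 < 2.0.0.Final == 2.0.0."""
    nums, qual = [], ("final", 0)
    for part in version.split("."):
        m = re.fullmatch(r"(\d+)|([A-Za-z]+)(\d*)", part)
        if m is None:
            raise ValueError(f"unparseable component {part!r} in {version!r}")
        if m.group(1) is not None:
            nums.append(int(m.group(1)))
        else:
            qual = (m.group(2).lower(), int(m.group(3) or 0))
    nums += [0] * (3 - len(nums))
    # Unknown qualifiers sort below every known one rather than raising.
    return (tuple(nums), QUALIFIER_RANK.get(qual[0], -1), qual[1])


def in_upstream_affected_range(upstream_version, first_fixed_by_branch):
    """True if the version precedes the fix on its major branch, False if it is
    at or past the fix, None if the advisory says nothing about that branch."""
    key = version_key(upstream_version)
    major = key[0][0]
    if major not in first_fixed_by_branch:
        return None
    return key < version_key(first_fixed_by_branch[major])


def check(purl, cve):
    """Upstream-range verdict for a purl; Debian versions are reduced to their
    upstream part first, so Debian backports are NOT accounted for."""
    p = parse_purl(purl)
    version = p["version"]
    if p["type"] == "deb":
        version = debian_upstream_version(version)
    return in_upstream_affected_range(version, FIXED_IN[cve])


if __name__ == "__main__":
    for cve in FIXED_IN:
        print(cve, "upstream range says affected:", check(PAGE_PURL, cve))
```

The verdict this produces is a triage signal only. For `3.0.26-2` it reports "in range" for every CVE in the table, because 3.0.26 precedes each quoted fix version, yet the listing above records only CVE-2020-10688 in the package's "Fixed by" table and places the others in the second table. A Debian revision can carry backported fixes that leave the upstream version number unchanged, so an upstream range comparison alone must not be used to decide whether a distro package is vulnerable; the distro's own per-package data, such as the tables on this page, is the record to consult.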