| purl | pkg:deb/debian/resteasy@3.6.2-4?distro=sid |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | | |

| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-17rd-f1mq-kfgr | Exposure of Sensitive Information to an Unauthorized Actor: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | CVE-2016-6345, GHSA-vxhj-3x7p-jxp5 |
| VCID-1um9-45xa-nbaf | Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy: A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. | CVE-2020-25724, GHSA-9699-gm7f-cmjv |
| VCID-6265-k551-gyfv | Uncontrolled Resource Consumption: A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. | CVE-2020-14326, GHSA-37g7-8vjj-pjpj |
| VCID-6qhb-4jya-hffz | Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP: Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. | CVE-2017-7561, GHSA-57q5-x8jf-g7h8 |
| VCID-7uh1-a5ng-rqch | JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | CVE-2016-6348, GHSA-9xfc-j5mf-9w5p |
| VCID-jms5-sctw-mkc5 | Cross-site Scripting: Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CVE-2016-6347, GHSA-r346-rmrg-qpgh |
| VCID-kg6v-ry5e-2qbh | RESTEasy: SerializableProvider enabled by default and deserializes untrusted data | CVE-2016-7050 |
| VCID-p3uc-ee2b-fff5 | Improper Input Validation: JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | CVE-2016-9606, GHSA-hgjr-xwj3-jfvw |
| VCID-w6us-ebca-bygb | External entities expanded by DocumentProvider: `DocumentProvider` in this package does not configure the external-general-entities or external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. | CVE-2014-7839, GHSA-pc54-pchm-xcw6 |
| VCID-wbgc-tuj3-47by | Uncontrolled Resource Consumption: RESTEasy enables `GZIPInterceptor`, which allows remote attackers to cause a denial of service via unspecified vectors. | CVE-2016-6346, GHSA-wxvr-vqfp-9cqw |
| VCID-wjgt-y2vt-63gs | Deserialization of Untrusted Data: Resteasy allows Yaml unmarshalling via `Yaml.load()` in `YamlProvider`. | CVE-2018-1051, GHSA-m2fv-3rqm-g7p5 |