Search for packages
| purl | pkg:maven/org.jboss.resteasy/resteasy-bom@4.4.1.Final |
| Next non-vulnerable version | 4.6.1.Alpha1 |
| Latest non-vulnerable version | 4.6.1.Alpha1 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6265-k551-gyfv
Aliases: CVE-2020-14326 GHSA-37g7-8vjj-pjpj |
Uncontrolled Resource Consumption A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. |
Affected by 1 other vulnerability. |
|
VCID-dww4-f31f-h7az
Aliases: CVE-2021-20293 GHSA-5h26-c766-g93v |
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. |
Affected by 0 other vulnerabilities. |
|
VCID-qktn-umfn-dkhv
Aliases: CVE-2020-10688 GHSA-29qj-rvv6-qrmv |
Cross-site scripting in RESTEasy A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||