Package details: pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1?arch=el8eap
purl pkg:rpm/redhat/eap7-resteasy@3.15.8-1.Final_redhat_00001.1?arch=el8eap
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-khr7-6pza-afab
Aliases:
CVE-2023-26464
GHSA-vp98-w2p3-mv35
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
** UNSUPPORTED WHEN ASSIGNED ** When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e. deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed could exhaust the available memory in the virtual machine and achieve Denial of Service when the object is deserialized. This issue affects Apache Log4j before 2. Affected users are recommended to update to Log4j 2.x. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Fixed by: There are no reported fixed by versions.
VCID-nahx-etfu-qqfq
Aliases:
CVE-2022-25883
GHSA-c2qf-rxjj-qqgw
semver vulnerable to Regular Expression Denial of Service
Versions of the package semver before 7.5.2 on the 7.x branch, before 6.3.1 on the 6.x branch, and all other versions before 5.7.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.
Fixed by: There are no reported fixed by versions.
VCID-wjaq-7np6-z3bk
Aliases:
CVE-2023-26136
GHSA-72xf-g2v4-qvf3
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Fixed by: There are no reported fixed by versions.
VCID-zxsk-ucu6-73h1
Aliases:
CVE-2023-3171
eap-7: heap exhaustion via deserialization
Fixed by: There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-04-01T13:55:03.159133+00:00 | RedHat Importer | Affected by | VCID-khr7-6pza-afab | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26464.json | 38.0.0 |
| 2026-04-01T13:53:40.300444+00:00 | RedHat Importer | Affected by | VCID-nahx-etfu-qqfq | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25883.json | 38.0.0 |
| 2026-04-01T13:53:36.512318+00:00 | RedHat Importer | Affected by | VCID-wjaq-7np6-z3bk | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26136.json | 38.0.0 |
| 2026-04-01T13:52:27.480259+00:00 | RedHat Importer | Affected by | VCID-zxsk-ucu6-73h1 | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-3171.json | 38.0.0 |