VYPR
Moderate severityNVD Advisory· Published Nov 23, 2012· Updated Jun 16, 2026

CVE-2011-5245

CVE-2011-5245

Description

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.jboss.resteasy:resteasy-jaxb-providerMaven
< 2.3.22.3.2

Affected products

15
  • Red Hat/Resteasy14 versions
    cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*+ 13 more
    • cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*range: <=2.3.1
    • cpe:2.3:a:redhat:resteasy:1.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:1.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:1.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.2.2:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.2.3:*:*:*:*:*:*:*
    • cpe:2.3:a:redhat:resteasy:2.3.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

22

News mentions

0

No linked articles in our index yet.