High severity · NVD Advisory · Published Mar 9, 2018 · Updated Sep 16, 2024
CVE-2016-9606
Description
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.jboss.resteasy:resteasy-bom (Maven) | < 3.1.2.Final | 3.1.2.Final |
Affected products (1)
Patches (0)
No patches discovered yet.
References (18)
- rhn.redhat.com/errata/RHSA-2017-1255.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- rhn.redhat.com/errata/RHSA-2017-1409.html (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1253 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1254 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1256 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1260 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1410 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1411 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1412 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1675 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2017:1676 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2909 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2913 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-hgjr-xwj3-jfvw (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2016-9606 (ghsa, ADVISORY)
- www.securityfocus.com/bid/94940 (ghsa, vdb-entry, x_refsource_BID, WEB)
- www.securitytracker.com/id/1038524 (ghsa, vdb-entry, x_refsource_SECTRACK, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)