Maven package
org.jboss.resteasy/resteasy-bom
pkg:maven/org.jboss.resteasy/resteasy-bom
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-20293 | — | <= 4.6.0.Final | — | Jun 10, 2021 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected X | ||
| CVE-2020-14326 | — | < 4.5.6.Final | 4.5.6.Final | Jun 2, 2021 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. | ||
| CVE-2020-10688 | — | < 3.11.1.Final | 3.11.1.Final | May 27, 2021 | A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. | ||
| CVE-2020-25724 | — | < 2.0-beta-2 | 2.0-beta-2 | May 26, 2021 | A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 a | ||
| CVE-2016-9606 | — | < 3.1.2.Final | 3.1.2.Final | Mar 9, 2018 | JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. |
- CVE-2021-20293Jun 10, 2021affected <= 4.6.0.Final
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected X
- CVE-2020-14326Jun 2, 2021affected < 4.5.6.Finalfixed 4.5.6.Final
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.
- CVE-2020-10688May 27, 2021affected < 3.11.1.Finalfixed 3.11.1.Final
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
- CVE-2020-25724May 26, 2021affected < 2.0-beta-2fixed 2.0-beta-2
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 a
- CVE-2016-9606Mar 9, 2018affected < 3.1.2.Finalfixed 3.1.2.Final
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.