Maven package
org.jboss.resteasy/resteasy-core
pkg:maven/org.jboss.resteasy/resteasy-core
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-0482 | — | | | >= 6.0.0.Beta1, < 6.2.3.Final | 6.2.3.Final | Feb 17, 2023 | In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. |
| CVE-2021-20293 | — | | | <= 4.6.0.Final | — | Jun 10, 2021 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected X |
| CVE-2020-10688 | — | | | < 3.11.1.Final | 3.11.1.Final | May 27, 2021 | A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. |
| CVE-2021-20289 | — | | | >= 4.6.0, < 4.6.1 | 4.6.1 | Mar 26, 2021 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's paramet |