Maven package
org.jboss.resteasy/resteasy-jaxrs
pkg:maven/org.jboss.resteasy/resteasy-jaxrs
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-7561 | High | 7.5 | | >= 3.0.7.Final, < 3.0.25.Final | 3.0.25.Final | Sep 13, 2017 | Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact. |
| CVE-2016-6346 | High | 7.5 | | < 3.0.20.Final | 3.0.20.Final | Sep 7, 2016 | RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. |
| CVE-2014-7839 | — | | | < 3.0.11.Final | 3.0.11.Final | Nov 25, 2014 | DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors. |