VYPR

Maven package

org.jboss.resteasy/resteasy-jaxrs

pkg:maven/org.jboss.resteasy/resteasy-jaxrs

Vulnerabilities (3)

  • CVE-2017-7561HigSep 13, 2017
    affected >= 3.0.7.Final, < 3.0.25.Finalfixed 3.0.25.Final

    Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

  • CVE-2016-6346HigSep 7, 2016
    affected < 3.0.20.Finalfixed 3.0.20.Final

    RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.

  • CVE-2014-7839Nov 25, 2014
    affected < 3.0.11.Finalfixed 3.0.11.Final

    DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.