Skip to main content

Resteasy

13 CVEs product

Monthly

CVE-2023-0482 Maven MEDIUM PATCH This Month

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Resteasy Active Iq Unified Manager Oncommand Workflow Automation
NVD GitHub
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-20293 Maven MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-20289 Maven MEDIUM PATCH This Month

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Resteasy Oncommand Insight Quarkus Communications Cloud Native Core Console
NVD
CVSS 3.1
5.3
EPSS
1.4%
CVE-2020-25633 Maven MEDIUM PATCH This Month

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Resteasy Quarkus
NVD
CVSS 3.1
5.3
EPSS
1.2%
CVE-2020-1695 Maven HIGH PATCH This Week

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Resteasy Fedora
NVD
CVSS 3.1
7.5
EPSS
2.0%
CVE-2018-1051 Maven HIGH PATCH This Week

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Resteasy
NVD
CVSS 3.0
8.1
EPSS
1.3%
CVE-2016-6347 Maven MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Resteasy
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6348 Maven MEDIUM PATCH This Month

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Resteasy
NVD
CVSS 3.0
6.1
EPSS
0.1%
CVE-2016-6346 Maven HIGH PATCH This Week

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Resteasy
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2016-6345 Maven MEDIUM PATCH This Month

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Resteasy
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2014-7839 Maven MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
CVSS 2.0
6.4
EPSS
1.3%
CVE-2014-3490 Maven HIGH PATCH This Week

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Red Hat XXE Jboss Enterprise Application Platform Resteasy
NVD GitHub
CVSS 2.0
7.5
EPSS
4.6%
CVE-2012-0818 Maven MEDIUM PATCH This Month

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Resteasy
NVD
CVSS 2.0
5.0
EPSS
1.4%
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Resteasy Active Iq Unified Manager +1
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM This Month

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Resteasy Oncommand Insight
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Resteasy Oncommand Insight +2
NVD
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Resteasy Quarkus
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Code Injection Resteasy Fedora
NVD
EPSS 1% CVSS 8.1
HIGH PATCH This Week

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Resteasy
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Resteasy
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Resteasy
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Resteasy
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Resteasy
NVD
EPSS 1% CVSS 6.4
MEDIUM PATCH This Month

DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.

XXE Resteasy
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity.

Red Hat XXE Jboss Enterprise Application Platform +1
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure XXE Resteasy
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy