Search CVE reports
1 – 10 of 18 results
A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty...
2 affected packages
resteasy, resteasy3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Fixed | Fixed | Fixed | — |
| resteasy3.0 | Fixed | Fixed | Fixed | Fixed |
Some fixes available 12 of 18
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
2 affected packages
resteasy3.0, resteasy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy3.0 | Fixed | Fixed | Fixed | Fixed |
| resteasy | Fixed | Fixed | Fixed | Not in release |
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType....
2 affected packages
resteasy, resteasy3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 12 of 24
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or...
2 affected packages
resteasy3.0, resteasy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy3.0 | Fixed | Fixed | Fixed | Fixed |
| resteasy | Fixed | Fixed | Fixed | Not in release |
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and...
2 affected packages
resteasy3.0, resteasy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |
| resteasy | Not affected | Not affected | Not affected | Not in release |
Some fixes available 12 of 24
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy...
2 affected packages
resteasy3.0, resteasy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy3.0 | Fixed | Fixed | Fixed | Fixed |
| resteasy | Fixed | Fixed | Fixed | Not in release |
Some fixes available 8 of 22
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into...
2 affected packages
resteasy3.0, resteasy
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy3.0 | Not affected | Not affected | Fixed | Fixed |
| resteasy | Fixed | Fixed | Fixed | Not in release |
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an...
2 affected packages
resteasy, resteasy3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 9 of 23
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this...
2 affected packages
resteasy, resteasy3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Fixed | Fixed | Fixed | Not in release |
| resteasy3.0 | Not affected | Fixed | Fixed | Fixed |
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
2 affected packages
resteasy, resteasy3.0
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| resteasy | Not affected | Not affected | Not affected | Not in release |
| resteasy3.0 | Not affected | Not affected | Not affected | Not affected |