JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack

2022-05-1702:49:31

Google

osv.dev

0.001 Low

EPSS

Percentile

48.5%

JSON

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

CPENameOperatorVersion
org.jboss.resteasy:resteasy-clienteq3.0.17.Final
org.jboss.resteasy:resteasy-clienteq3.0-beta-6
org.jboss.resteasy:resteasy-clienteq1.0-beta-8
org.jboss.resteasy:resteasy-clienteq3.0.0.Final
org.jboss.resteasy:resteasy-clienteq3.0.6.Final
org.jboss.resteasy:resteasy-clienteq3.0-beta-5
org.jboss.resteasy:resteasy-clienteq1.0-beta-6
org.jboss.resteasy:resteasy-clienteq3.0.13.Final
org.jboss.resteasy:resteasy-clienteq3.0.4.Final
org.jboss.resteasy:resteasy-clienteq3.0.8.Final

Name	Operator	Version
org.jboss.resteasy:resteasy-client	eq	3.0.17.Final
org.jboss.resteasy:resteasy-client	eq	3.0-beta-6
org.jboss.resteasy:resteasy-client	eq	1.0-beta-8
org.jboss.resteasy:resteasy-client	eq	3.0.0.Final
org.jboss.resteasy:resteasy-client	eq	3.0.6.Final
org.jboss.resteasy:resteasy-client	eq	3.0-beta-5
org.jboss.resteasy:resteasy-client	eq	1.0-beta-6
org.jboss.resteasy:resteasy-client	eq	3.0.13.Final
org.jboss.resteasy:resteasy-client	eq	3.0.4.Final
org.jboss.resteasy:resteasy-client	eq	3.0.8.Final