Jersey Security Vulnerabilities

CVE-2014-3643

jersey: XXE via parameter entities not disabled by the jersey SAX parser

CVE-2021-28168

Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are v...