2 matches found
GHSA-5M48-VR54-VMH3 jersey: XXE via parameter entities
jersey: XXE via parameter entities not disabled by the jersey SAX parser...
jersey: Local information disclosure via system temporary directory
Eclipse Jersey 2.28 to 2.33 and Eclipse Jersey 3.0.0 to 3.0.1 contains a local information disclosure vulnerability. This is due to the use of the File.createTempFile which creates a file inside of the system temporary directory with the permissions: -rw-r--r--. Thus the contents of this file are...