org.infinispan:infinispan-distribution (=9.0.0.Beta1), org.infinispan:infinispan-javadoc-all (=9.0.0.Beta1) +26 more potentially affected by CVE-2016-6347 via org.jboss.resteasy:resteasy-client (>=3.1.0.Beta1 <=3.1.0.Beta2)

org.jboss.resteasy:resteasy-client MAVEN version =3.1.0.Beta1, =5.3.4.Final, =5.3.4.Final, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta1, =3.1.0.Beta2 and more Source cves: CVE-2016-6347 Source advisory: OSV:GHSA-R346-RMRG-QPGH...

GHSA-5H26-C766-G93V Cross-Site Scripting

A reflected Cross-Site Scripting XSS flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The...

DEBIAN-CVE-2020-10688

A cross-site scripting XSS flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack...

DEBIAN-CVE-2016-6346

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...

UBUNTU-CVE-2016-6346

RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors...