be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.2.0), cn.sparrowmini:sparrow-keycloak-adapter (>=0.0.1 <=0.0.2) +279 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=4.0.0.Beta1 <=4.7.7.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =4.0.0.Beta1, =2.0.0, =0.0.1, =0.5.8, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =1.7.0, =19.0.0, =2.1.0, =2.6.0 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX...

com.planonsoftware.app:com.planonsoftware.app.gradle.plugin (=0.0.1), com.planonsoftware:gradle.development.environment.plugin (=0.0.1) +28 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=5.0.0.Alpha1 <=5.0.5.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =5.0.0.Alpha1, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.27.1, =0.27.1, =9.5.7, =3.5.0, =0.7.6, =0.7.6, =0.7.6, =0.7.2, =4.1.5, =4.7.2 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8...

ai.timefold.solver:timefold-solver-quarkus-benchmark-integration-test (>=0.8.38 <=0.8.41), ai.timefold.solver:timefold-solver-quarkus-devui-integration-test (>=0.8.38 <=0.8.41) +1863 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=4.0.0.Beta6 <=4.7.7.Final)

org.jboss.resteasy:resteasy-core MAVEN version =4.0.0.Beta6, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =0.8.38, =2.0.0, =0.1.5, =0.1.5, =1.0.0-alpha1, =0.0.1, =1.8.0, =0.5.8, =0.5.9 and more Source cves: CVE-2023-0482 Source advisory: OSV:GHSA-2C6G-PFX3-W7H8htt...

at.ganzleicht.vaadin:vaadin-maven-plugin (>=9.1.1 <=9.1.3.2), ca.uhn.hapi.fhir:hapi-fhir-base-test-jaxrsserver-kotlin (>=5.7.7 <=6.8.0) +118 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=5.0.0.Alpha1 <=5.0.5.Final)

org.jboss.resteasy:resteasy-core MAVEN version =5.0.0.Alpha1, =9.1.1, =5.7.7, =2.0.0-alpha2, =2.0.0-alpha2, =2.0.0-alpha2, =1.14.0, =2.35.0, =2.35.0, =0.15.3, =0.15.3, =0.15.3, =0.15.3, =0.31.0-beta2 and more Source cves: CVE-2023-0482 Source advisory:...

ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess (>=0.1.0 <=0.2.0), ai.aletyx.kogito:aletyx-kogito-ai-addons-quarkus-adhoc-subprocess-storage-jpa (>=0.1.0 <=0.2.0) +1119 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-core (>=6.0.0.Beta1 <=6.2.2.Final)

org.jboss.resteasy:resteasy-core MAVEN version =6.0.0.Beta1, =0.1.0, =0.1.0, =0.7.20, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =0.9.38, =1.0, =8.0.0, =8.0.0, =8.0.0, =1.6.17, =1.6.17, =1.6.18 and more Source cves: CVE-2023-0482 Source advisory...

com.arxcess360:file-server-sdk (>=1.0 <=1.0.4), com.axelor:axelor-web (>=8.0.0 <=8.2.0) +255 more potentially affected by CVE-2023-0482 via org.jboss.resteasy:resteasy-multipart-provider (>=6.0.0.Beta1 <=6.2.2.Final)

org.jboss.resteasy:resteasy-multipart-provider MAVEN version =6.0.0.Beta1, =1.0, =8.0.0, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =1.13.0-rc6, =4.1.1, =1.0a17, =0.3.48, =0.14.0, =0.14.0, =0.14.0, =0.14.0, =0.0.0-test, =0.0.0-test, =13.30.0.RELEASE and more Source cves: CVE-2023-0482 Source advisory...

GHSA-2C6G-PFX3-W7H8 Insecure Temporary File in RESTEasy

Impact In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. Patches Fixed in the following pull requests:...

Insecure Temporary File in RESTEasy

Impact In RESTEasy the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. Patches Fixed in the following pull requests:...

The vulnerability of the HttpObjectDecoder decoder in the RESTEasy software framework allows attackers to send hidden HTTP requests (HTTP Request Smuggling attack).

The vulnerability of the HttpObjectDecoder decoder in the RESTEasy software framework is related to the inconsistent interpretation of HTTP requests during the processing of ASCII-standard encoding symbols. Exploiting this vulnerability allows a remote attacker to send hidden HTTP requests HTTP...

HTTP Smuggling

org.jboss.resteasy, resteasy-netty4-cdi is vulnerable to HTTP Smuggling. The vulnerability is due to improper handling of HTTP requests by the resteasy-netty4 library, specifically when the Netty HttpObjectDecoder fails to process HTTP smuggling requests with ASCII control characters, causing it ...

GHSA-5WPR-CJ9P-959R HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

UBUNTU-CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

CVE-2024-9622

CVE-2024-9622 applies to the resteasy-netty4 library, where improper handling of HTTP requests containing ASCII control characters can trigger the Netty HttpObjectDecoder BAD_MESSAGE state. This causes subsequent legitimate requests on the same connection to be ignored, leading to client timeouts...

CVE-2024-9622 Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty4

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

CVE-2024-9622

A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smuggling request with an ASCII control character is sent, it causes the Netty HttpObjectDecoder to transition into a BADMESSAGE state. As a result, an...

RESTEasy 环境问题漏洞

RESTEasy is a JBoss.org project open sourced by RESTEasy. It is designed to provide a productivity framework for developing client-side and server-side RESTful applications and services in Java. An environmental issue vulnerability exists in RESTEasy that stems from the improper handling of HTTP...