7 matches found
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.13), ca.vanzyl.concord:concord-k8s-server (>=0.0.1 <=0.0.10) +16 more potentially affected by CVE-2018-1051 via org.jboss.resteasy:resteasy-yaml-provider (>=3.1.0.Beta1 <=3.6.0.CR1)
org.jboss.resteasy:resteasy-yaml-provider MAVEN version =3.1.0.Beta1, =0.0.2, =0.0.1, =0.0.8, =1.18.0, =1.38.0, =1.44.0, =1.37.0, =1.44.0, =1.0.0, =1.18.0, =1.0.0, =1.0.0, =0.0.27, =0.0.11, =0.0.27, =0.0.31 and more Source cves: CVE-2018-1051 Source advisory: OSV:GHSA-M2FV-3RQM-G7P5...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider...
CVE-2018-1051
CVE-2018-1051 concerns JBoss RESTEasy. The prior fix for CVE-2016-9606 was incomplete, and in RESTEasy versions 3.0.22 and 3.1.2 YAML unmarshalling via Yaml.load() in YamlProvider remains possible. This is documented in the CVE description and corroborated by Nessus/ERR sources noting an unpatche...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load in YamlProvider. Mitigation If the YamlProvider is enabled its recommended to add authentication, and authorization to the endpoint expecting...