EUVD-2012-4775
Malware in sbrugna...
EUVD-2024-1255
Malicious code in bioql PyPI...
EUVD-2022-3066
Malicious code in bioql PyPI...
CVE-2024-1726 Quarkus: security checks for some inherited endpoints performed after serialization in resteasy reactive may trigger a denial of service
A flaw was discovered in the RESTEasy Reactive implementation in Quarkus. Due to security checks for some JAX-RS endpoints being performed after serialization, more processing resources are consumed while the HTTP request is checked. In certain configurations, if an attacker has knowledge of any...
CVE-2023-5675 Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used.
A flaw was found in Quarkus. When a Quarkus RESTEasy Classic or Reactive JAX-RS endpoint has its methods declared in an abstract Java class or customized by Quarkus extensions using the annotation processor, the authorization of these methods will not be enforced if it is enabled by either...
[SECURITY] Fedora 40 Update: jackson-jaxrs-providers-2.16.1-3.fc40
This is a multi-module project that contains Jackson-based JAX-RS providers for the following data formats: JSON, Smile (binary JSON), XML, CBOR (another kind of binary JSON), YAML...
GHSA-57Q5-X8JF-G7H8 Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact...
GHSA-X7XF-253V-X3W8 Improper Restriction of XML External Entity Reference in Apache CXF JAX-RS
The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to 3.1.9 provides a number of Atom JAX-RS MessageBodyReaders. These readers use Apache Abdera Parser which expands XML entities by default which represents a major XXE risk...
Improper Input Validation in Apache CXF
Apache CXF supports sending and receiving attachments via either the JAX-WS or JAX-RS specifications. It is possible to craft a message attachment header that could lead to a Denial of Service (DoS) attack on a CXF web service provider. Both JAX-WS and JAX-RS services are vulnerable to this attack...
Security Bulletin: Security vulnerability in Apache affects IBM InfoSphere Master Data Management (CVE-2017-12624)
Summary: IBM InfoSphere Master Data Management is vulnerable to an Apache CXF denial of service which could allow a remote attacker to cause the JAX-WS and JAX-RS services to stop responding. Vulnerability Details: CVEID: CVE-2017-12624 DESCRIPTION: Apache CXF is vulnerable to a denial of service...
GHSA-244R-FCJ3-GHJQ Exposure of class information in RESTEasy
A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value...
Information Disclosure
resteasy-core is vulnerable to information disclosure. It exposes the endpoint class and method names as part of the exception response as a result of failure to convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value...
CVE-2021-20289
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The...
[SECURITY] Fedora 32 Update: resteasy-3.0.26-6.fc32
RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification...