EUVD-2022-4144
Malicious code in bioql PyPI...
EUVD-2022-5455
Malicious code in bioql PyPI...
EUVD-2024-1053
Malicious code in bioql PyPI...
GHSA-2C6G-PFX3-W7H8 Insecure Temporary File in RESTEasy
Impact: In RESTEasy, the insecure File.createTempFile is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes, which creates temp files with insecure permissions that could be read by a local user. Patches: Fixed in the following pull requests:...
PT-2021-6993 · Red Hat +2 · Resteasy +2
Name of the Vulnerable Software and Affected Versions: RESTEasy versions up to 4.6.0.Final. Description: A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to...
CVE-2018-1051
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and YAML unmarshalling in RESTEasy is still possible via Yaml.load in YamlProvider. Mitigation: If the YamlProvider is enabled, it is recommended to add authentication and authorization to the endpoint expecting...
JAX-RS: Information disclosure via XML eXternal Entity (XXE)
It was found that the default context parameters as provided to RESTEasy deployments by JBoss EAP did not explicitly disable external entity expansion for RESTEasy. A remote attacker could use this flaw to perform XML External Entity (XXE) attacks on RESTEasy applications accepting XML input...
Moderate: Red Hat Security Advisory: resteasy security update
An update for JBoss Enterprise Web Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...