Lucene search

K

12 matches found

CVE
CVE
added 2021/03/26 5:15 p.m.199 views

CVE-2021-20289

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highe...

5.3CVSS5.3AI score0.00089EPSS
CVE
CVE
added 2023/02/17 10:15 p.m.190 views

CVE-2023-0482

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

5.5CVSS5AI score0.00038EPSS
CVE
CVE
added 2020/05/19 3:15 p.m.171 views

CVE-2020-1695

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unex...

7.5CVSS7.1AI score0.00397EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.138 views

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

6.1CVSS5.7AI score0.00432EPSS
CVE
CVE
added 2020/09/18 7:15 p.m.137 views

CVE-2020-25633

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data conf...

5.3CVSS5AI score0.0034EPSS
CVE
CVE
added 2018/03/09 8:29 p.m.130 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

8.1CVSS8.1AI score0.00772EPSS
CVE
CVE
added 2021/06/10 12:15 p.m.124 views

CVE-2021-20293

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The high...

6.1CVSS5.6AI score0.002EPSS
CVE
CVE
added 2014/08/19 6:55 p.m.109 views

CVE-2014-3490

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

7.5CVSS9.4AI score0.04646EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.102 views

CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

7.5CVSS7.1AI score0.00499EPSS
CVE
CVE
added 2021/05/26 9:15 p.m.101 views

CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

4.3CVSS4.3AI score0.00132EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.94 views

CVE-2012-0818

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

5CVSS9.2AI score0.01376EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.78 views

CVE-2011-5245

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CV...

5CVSS9.2AI score0.01376EPSS