Lucene search

K

12 matches found

CVE
CVE
added 2023/02/17 10:15 p.m.213 views

CVE-2023-0482

In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.

5.5CVSS5AI score0.00037EPSS
CVE
CVE
added 2021/03/26 5:15 p.m.208 views

CVE-2021-20289

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highe...

5.3CVSS5.3AI score0.00084EPSS
CVE
CVE
added 2020/05/19 3:15 p.m.182 views

CVE-2020-1695

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unex...

7.5CVSS7.1AI score0.00751EPSS
CVE
CVE
added 2021/05/27 7:15 p.m.147 views

CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

6.1CVSS5.7AI score0.00222EPSS
CVE
CVE
added 2020/09/18 7:15 p.m.145 views

CVE-2020-25633

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data conf...

5.3CVSS5AI score0.00228EPSS
CVE
CVE
added 2018/03/09 8:29 p.m.133 views

CVE-2016-9606

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

8.1CVSS8.1AI score0.00772EPSS
CVE
CVE
added 2021/06/10 12:15 p.m.129 views

CVE-2021-20293

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The high...

6.1CVSS5.6AI score0.00402EPSS
CVE
CVE
added 2014/08/19 6:55 p.m.113 views

CVE-2014-3490

RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not disable external entities when the resteasy.document.expand.entity.references parameter is set to false, which allows remote attackers to read arbitrary files and hav...

7.5CVSS9.4AI score0.04646EPSS
CVE
CVE
added 2021/06/02 12:15 p.m.107 views

CVE-2020-14326

A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

7.5CVSS7.1AI score0.00499EPSS
CVE
CVE
added 2021/05/26 9:15 p.m.104 views

CVE-2020-25724

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

4.3CVSS4.3AI score0.00132EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.99 views

CVE-2012-0818

RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.

5CVSS9.2AI score0.01376EPSS
CVE
CVE
added 2012/11/23 8:55 p.m.80 views

CVE-2011-5245

The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CV...

5CVSS9.2AI score0.01376EPSS