
CVE-2018-1051

Description

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

#### Notes

Author | Note
---|---
[msalvatore](<https://launchpad.net/~msalvatore>) | Incomplete fix for CVE-2016-9606 not applied. That fix just disables the YamlProvider by default. There is no fix for this issue other than to mitigate it by requiring authentication and authorization on endpoints expecting YAML input.


Affected Package


OS | OS Version | Package Name | Package Version
---|---|---|---
ubuntu | upstream | resteasy | 3.1.4-1
ubuntu | 16.04 | resteasy | any
ubuntu | upstream | resteasy3.0 | 3.0.26-1
