Vulnerabilities > Redhat > Resteasy

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-0482 Unspecified vulnerability in Redhat Resteasy
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
redhat
5.5
2021-06-10 CVE-2021-20293 A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.
network
low complexity
redhat netapp
6.1
2021-06-02 CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes.
network
low complexity
redhat netapp
7.5
2021-05-27 CVE-2020-10688 Unspecified vulnerability in Redhat products
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.
network
low complexity
redhat
6.1
2021-05-26 CVE-2020-25724 A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided.
network
low complexity
redhat quarkus
4.3
2021-03-26 CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final.
network
low complexity
redhat netapp quarkus oracle
5.3
2020-09-18 CVE-2020-25633 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final.
network
low complexity
redhat quarkus CWE-209
5.3
2020-05-19 CVE-2020-1695 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response.
network
low complexity
redhat fedoraproject
7.5
2018-03-09 CVE-2016-9606 Improper Input Validation vulnerability in Redhat Resteasy
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
network
high complexity
redhat CWE-20
8.1
2018-01-25 CVE-2018-1051 Deserialization of Untrusted Data vulnerability in Redhat Resteasy 3.0.22/3.1.2
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
network
high complexity
redhat CWE-502
8.1