Vulnerabilities > Redhat > Resteasy > 2.2.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-02-17 | CVE-2023-0482 | Unspecified vulnerability in Redhat Resteasy In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
| 2021-06-10 | CVE-2021-20293 | Cross-site Scripting vulnerability in multiple products A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. | 4.3 |
| 2021-05-27 | CVE-2020-10688 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | 4.3 |
| 2021-03-26 | CVE-2021-20289 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. | 5.0 |
| 2020-09-18 | CVE-2020-25633 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. | 5.3 |
| 2018-03-09 | CVE-2016-9606 | Improper Input Validation vulnerability in Redhat Resteasy JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | 6.8 |
| 2012-11-23 | CVE-2011-5245 | Information Exposure vulnerability in Redhat Resteasy The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818. | 5.0 |