3.0.24

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-10	CVE-2021-20293	A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. network low complexity redhat netapp	6.1
2021-05-27	CVE-2020-10688	Unspecified vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. network low complexity redhat	6.1
2021-03-26	CVE-2021-20289	A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. network low complexity redhat netapp quarkus oracle	5.3
2020-09-18	CVE-2020-25633	Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. network low complexity redhat quarkus CWE-209	5.3
2020-05-19	CVE-2020-1695	A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. network low complexity redhat fedoraproject	7.5
2018-03-09	CVE-2016-9606	Improper Input Validation vulnerability in Redhat Resteasy JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. network high complexity redhat CWE-20	8.1