3.1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2021-06-10	CVE-2021-20293	A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. network low complexity redhat netapp	6.1
2021-05-27	CVE-2020-10688	Unspecified vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. network low complexity redhat	6.1
2021-03-26	CVE-2021-20289	A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. network low complexity redhat netapp quarkus oracle	5.3
2020-09-18	CVE-2020-25633	Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. network low complexity redhat quarkus CWE-209	5.3
2020-05-19	CVE-2020-1695	A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. network low complexity redhat fedoraproject	7.5
2018-01-25	CVE-2018-1051	Deserialization of Untrusted Data vulnerability in Redhat Resteasy 3.0.22/3.1.2 It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. network high complexity redhat CWE-502	8.1