Vulnerabilities > Redhat > Resteasy > 3.9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-17 | CVE-2023-0482 | Unspecified vulnerability in Redhat Resteasy In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
2021-06-10 | CVE-2021-20293 | Cross-site Scripting vulnerability in multiple products A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. | 4.3 |
2021-05-27 | CVE-2020-10688 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | 4.3 |
2021-03-26 | CVE-2021-20289 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. | 5.0 |
2020-09-18 | CVE-2020-25633 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. | 5.3 |
2020-05-19 | CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. | 7.5 |