Vulnerabilities > Redhat > Resteasy > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-02 CVE-2020-14326 A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes.
network
low complexity
redhat netapp
7.5
2020-05-19 CVE-2020-1695 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response.
network
low complexity
redhat fedoraproject
7.5
2018-03-09 CVE-2016-9606 Improper Input Validation vulnerability in Redhat Resteasy
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
network
high complexity
redhat CWE-20
8.1
2018-01-25 CVE-2018-1051 Deserialization of Untrusted Data vulnerability in Redhat Resteasy 3.0.22/3.1.2
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
network
high complexity
redhat CWE-502
8.1
2016-09-07 CVE-2016-6346 Unspecified vulnerability in Redhat Resteasy
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
network
low complexity
redhat
7.5