Vulnerabilities > Redhat > Resteasy > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-02 | CVE-2020-14326 | A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. | 7.5 |
2020-05-19 | CVE-2020-1695 | A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. | 7.5 |
2018-03-09 | CVE-2016-9606 | Improper Input Validation vulnerability in Redhat Resteasy JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions. | 8.1 |
2018-01-25 | CVE-2018-1051 | Deserialization of Untrusted Data vulnerability in Redhat Resteasy 3.0.22/3.1.2 It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider. | 8.1 |
2016-09-07 | CVE-2016-6346 | Unspecified vulnerability in Redhat Resteasy RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors. | 7.5 |