Vulnerabilities > Redhat > Resteasy > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-02-17 | CVE-2023-0482 | Unspecified vulnerability in Redhat Resteasy In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | 5.5 |
2021-06-10 | CVE-2021-20293 | A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. | 6.1 |
2021-05-27 | CVE-2020-10688 | Unspecified vulnerability in Redhat products A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. | 6.1 |
2021-05-26 | CVE-2020-25724 | A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. | 4.3 |
2021-03-26 | CVE-2021-20289 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. | 5.3 |
2020-09-18 | CVE-2020-25633 | Information Exposure Through an Error Message vulnerability in multiple products A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. | 5.3 |
2017-04-20 | CVE-2016-6347 | Cross-site Scripting vulnerability in Redhat Resteasy Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
2017-04-12 | CVE-2016-6348 | Cross-site Scripting vulnerability in Redhat Resteasy JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack. | 6.1 |
2016-09-07 | CVE-2016-6345 | Information Exposure vulnerability in Redhat Resteasy RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs. | 6.5 |