Vulnerabilities > Redhat > Resteasy > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-02-17 CVE-2023-0482 Unspecified vulnerability in Redhat Resteasy
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
local
low complexity
redhat
5.5
2021-06-10 CVE-2021-20293 A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType.
network
low complexity
redhat netapp
6.1
2021-05-27 CVE-2020-10688 Unspecified vulnerability in Redhat products
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs.
network
low complexity
redhat
6.1
2021-05-26 CVE-2020-25724 A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided.
network
low complexity
redhat quarkus
4.3
2021-03-26 CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final.
network
low complexity
redhat netapp quarkus oracle
5.3
2020-09-18 CVE-2020-25633 Information Exposure Through an Error Message vulnerability in multiple products
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final.
network
low complexity
redhat quarkus CWE-209
5.3
2017-04-20 CVE-2016-6347 Cross-site Scripting vulnerability in Redhat Resteasy
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
2017-04-12 CVE-2016-6348 Cross-site Scripting vulnerability in Redhat Resteasy
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
network
low complexity
redhat CWE-79
6.1
2016-09-07 CVE-2016-6345 Information Exposure vulnerability in Redhat Resteasy
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
network
low complexity
redhat CWE-200
6.5