threatengine.sh
Product
redhat resteasy
18 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-0482
all versions
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which
5.5
MEDIUM
CVE-2021-20293
<= 4.6.0
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not
6.1
MEDIUM
CVE-2020-14326
>= 4.2.0 and < 4.5.6
A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to s
7.5
HIGH
CVE-2020-10688
< 3.11.1
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not p
6.1
MEDIUM
CVE-2020-25724
< 2.0.0
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain acc
4.3
MEDIUM
CVE-2021-20289
<= 4.6.0
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as pa
5.3
MEDIUM
CVE-2020-25633
< 3.14.0
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server'
5.3
MEDIUM
CVE-2020-1695
>= 3.0.0 and < 3.12.0
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where
7.5
HIGH
CVE-2016-9606
<= 3.1.1
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potent
8.1
HIGH
CVE-2018-1051
all versions
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is stil
8.1
HIGH
CVE-2016-6347
all versions
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary
6.1
MEDIUM
CVE-2016-6348
all versions
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
6.1
MEDIUM
CVE-2016-6346
all versions
RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
7.5
HIGH
CVE-2016-6345
all versions
RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in as
6.5
MEDIUM
CVE-2014-7839
all versions
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entiti
CVE-2014-3490
>= 2.3.1 and <= 2.3.7.2
RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does n
CVE-2012-0818
<= 2.3.0
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an X
CVE-2011-5245
<= 2.3.1
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary fil
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin