Resteasy

This hub aggregates every CVE we track for Resteasy, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Resteasy.

• CVE-2024-9622Resteasy-netty4-cdi: resteasy-netty4: resteasy-reactor-netty: http request smuggling leading to client timeouts in resteasy-netty45.3Oct 8, 2024
• CVE-2023-0482In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by ...5.5Feb 17, 2023
• CVE-2021-20293A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam wi...6.1Jun 10, 2021
• CVE-2020-14326A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the ...7.5Jun 2, 2021
• CVE-2020-10688A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occur...6.1May 27, 2021
• CVE-2020-25724A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnera...4.3May 26, 2021
• CVE-2021-20289A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of th...5.3Mar 26, 2021
• CVE-2020-25633A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicat...5.3Sep 18, 2020
• CVE-2020-1695A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header...7.5May 19, 2020
• CVE-2016-9606JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbit...8.1Mar 9, 2018
• CVE-2018-1051It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.8.1Jan 25, 2018
• CVE-2017-7561Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.7.5Sep 13, 2017
• CVE-2016-6347Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.6.1Apr 20, 2017
• CVE-2016-6348JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.6.1Apr 12, 2017
• CVE-2016-6346RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.7.5Sep 7, 2016