GHSA-hgjr-xwj3-jfvw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-hgjr-xwj3-jfvw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hgjr-xwj3-jfvw/GHSA-hgjr-xwj3-jfvw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-hgjr-xwj3-jfvw
- Aliases
- Published
- 2022-05-14T02:37:13Z
- Modified
- 2023-11-08T03:58:38.538691Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- JBoss RESTEasy vulnerable to Improper Input Validation
- Details
-
JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2016-9606
- https://access.redhat.com/errata/RHSA-2017:1253
- https://access.redhat.com/errata/RHSA-2017:1254
- https://access.redhat.com/errata/RHSA-2017:1256
- https://access.redhat.com/errata/RHSA-2017:1260
- https://access.redhat.com/errata/RHSA-2017:1410
- https://access.redhat.com/errata/RHSA-2017:1411
- https://access.redhat.com/errata/RHSA-2017:1412
- https://access.redhat.com/errata/RHSA-2017:1675
- https://access.redhat.com/errata/RHSA-2017:1676
- https://access.redhat.com/errata/RHSA-2018:2909
- https://access.redhat.com/errata/RHSA-2018:2913
- https://bugzilla.redhat.com/show_bug.cgi?id=1400644
- https://github.com/resteasy/Resteasy
- http://rhn.redhat.com/errata/RHSA-2017-1255.html
- http://rhn.redhat.com/errata/RHSA-2017-1409.html
- http://www.securityfocus.com/bid/94940
- http://www.securitytracker.com/id/1038524
Affected packages
Maven / org.jboss.resteasy:resteasy-bom
Package
- Name
- org.jboss.resteasy:resteasy-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-bom
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.2.Final
Affected versions
1.*
1.2.GA
1.2.1.GA
2.*
2.0-beta-1
2.0-beta-2
2.0-beta-3
2.0-beta-4
2.0-RC1
2.0.0.GA
2.0.1.GA
2.1-beta-1
2.1.0.GA
2.2-beta-1
2.2-RC-1
2.2.0.GA
2.2.1.GA
2.2.2.GA
2.2.3.GA
2.3-beta-1
2.3-RC1
2.3.0.GA
2.3.1.GA
2.3.2.Final
2.3.3.Final
2.3.4.Final
2.3.5.Final
2.3.6.Final
2.3.7.Final
2.3.10.Final
3.*
3.0-beta-1
3.0-beta-2
3.0-beta-3
3.0-beta-4
3.0-beta-5
3.0-beta-6
3.0-rc-1
3.0.0.Final
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.0.13.Final
3.0.14.Final
3.0.15.Final
3.0.16.Final
3.0.17.Final
3.0.18.Final
3.0.19.Final
3.0.20.Final
3.0.21.Final
3.0.22.Final
3.0.23.Final
3.0.24.Final
3.0.26.Final
3.1.0.Beta1
3.1.0.Beta2
3.1.0.CR1
3.1.0.CR2
3.1.0.CR3
3.1.0.Final
3.1.1.Final