Every CVE whose affected-product data names Redhat Resteasy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2018-1051 — CVSS 8.1 (high): It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still…
CVE-2016-9606 — CVSS 8.1 (high): JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially…
CVE-2020-1695 — CVSS 7.5 (high): A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an…
CVE-2014-3490 — CVSS 7.5 (high): RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red Hat JBoss Enterprise Application Platform (EAP) 6.3.0, does not…
CVE-2016-6346 — CVSS 7.5 (high): RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2020-14326 — CVSS 7.5 (high): A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower…
CVE-2016-6345 — CVSS 6.5 (medium): RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
CVE-2014-7839 — CVSS 6.4 (medium): DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities…
CVE-2016-6347 — CVSS 6.1 (medium): Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web…
CVE-2016-6348 — CVSS 6.1 (medium): JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVE-2021-20293 — CVSS 6.1 (medium): A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly…
CVE-2020-10688 — CVSS 6.1 (medium): A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly…
CVE-2023-0482 — CVSS 5.5 (medium): In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates…
CVE-2020-25633 — CVSS 5.3 (medium): A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's…
CVE-2021-20289 — CVSS 5.3 (medium): A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the…
CVE-2012-0818 — CVSS 5.0 (medium): RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML…
CVE-2011-5245 — CVSS 5.0 (medium): The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an…
CVE-2020-25724 — CVSS 4.3 (medium): A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to…