org.jboss.resteasy:resteasy-core
Maven
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jboss.resteasy:resteasy-core
- CVE-2020-10688 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 4.5.3.Final | 2021-05-27
vulnerable: 4.0.0.Final ... 4.5.2.Final (14 versions)
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to laun…
- CVE-2021-20289 | MEDIUM | CVSS 5.3 | EG 5.3 | ✓ Fixed in 3.16.0 | 2021-03-26
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the …
- CVE-2021-20293 | MEDIUM | CVSS 6.1 | EG 6.1 | 2021-06-10
vulnerable: 4.0.0.Beta6 ... 4.6.0.Final (33 versions)
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw a…
- CVE-2023-0482 | MEDIUM | CVSS 5.5 | EG 5.5 | ✓ Fixed in 3.15.5.Final | 2023-02-17
In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.