io.quarkus:quarkus-resteasy@1.9.0.CR1 vulnerabilities

latest version

3.19.1

first published

6 years ago

latest version published

12 days ago

licenses detected

Apache-2.0
[0.11.0,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.quarkus:quarkus-resteasy package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Missing Release of Memory after Effective Lifetime Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to the handling of HTTP requests with low timeouts which allows an unauthenticated attacker to repeatedly send specially crafted requests that trigger a memory leak. How to fix Missing Release of Memory after Effective Lifetime? There is no fixed version for `io.quarkus:quarkus-resteasy`.	[0,)
H Improper Authentication Affected versions of this package are vulnerable to Improper Authentication via the deserialization process of JSON payloads. An attacker can potentially compromise data integrity and confidentiality, and achieve high-severity impacts on availability by sending specially crafted JSON data that gets processed before security constraints are evaluated and applied. Note: This does not happen with configuration based security. Then security constraints are being evaluated/applied before a JSON body is being processed. How to fix Improper Authentication? Upgrade `io.quarkus:quarkus-resteasy` to version 3.2.10.Final or higher.	[0,3.2.10.Final)

Missing Release of Memory after Effective Lifetime

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime due to the handling of HTTP requests with low timeouts which allows an unauthenticated attacker to repeatedly send specially crafted requests that trigger a memory leak.

How to fix Missing Release of Memory after Effective Lifetime?

There is no fixed version for io.quarkus:quarkus-resteasy.

[0,)

Improper Authentication

Affected versions of this package are vulnerable to Improper Authentication via the deserialization process of JSON payloads. An attacker can potentially compromise data integrity and confidentiality, and achieve high-severity impacts on availability by sending specially crafted JSON data that gets processed before security constraints are evaluated and applied.

Note: This does not happen with configuration based security. Then security constraints are being evaluated/applied before a JSON body is being processed.

How to fix Improper Authentication?

Upgrade io.quarkus:quarkus-resteasy to version 3.2.10.Final or higher.

[0,3.2.10.Final)

Go back to all versions of this package