org.jboss.resteasy:resteasy-core@4.0.0.Beta7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.jboss.resteasy:resteasy-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Creation of Temporary File With Insecure Permissions

org.jboss.resteasy:resteasy-core is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java.

Affected versions of this package are vulnerable to Creation of Temporary File With Insecure Permissions such that the insecure File.createTempFile() which is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes creates temp files with insecure permissions that could be read by a local user.

How to fix Creation of Temporary File With Insecure Permissions?

Upgrade org.jboss.resteasy:resteasy-core to version 4.7.8.Final or higher.

[0,4.7.8.Final)
  • M
Cross-site Scripting (XSS)

org.jboss.resteasy:resteasy-core is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Does not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jboss.resteasy:resteasy-core to version 4.6.0.Final or higher.

[,4.6.0.Final)
  • H
Denial of Service (DoS)

org.jboss.resteasy:resteasy-core is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java.

Affected versions of this package are vulnerable to Denial of Service (DoS). A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

How to fix Denial of Service (DoS)?

Upgrade org.jboss.resteasy:resteasy-core to version 4.5.6.Final or higher.

[,4.5.6.Final)
  • H
Cross-site Scripting (XSS)

org.jboss.resteasy:resteasy-core is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jboss.resteasy:resteasy-core to version 4.5.3.Final or higher.

[3.11.1.Final,4.5.3.Final)
  • H
Improper Input Validation

org.jboss.resteasy:resteasy-core is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java.

Affected versions of this package are vulnerable to Improper Input Validation in MediaTypeHeaderDelegate.java class results in the class returning an illegal header that will be then integrated in the server's response.

How to fix Improper Input Validation?

Upgrade org.jboss.resteasy:resteasy-core to version 4.1.1.Final or higher.

[,4.1.1.Final)