org.jboss.resteasy:resteasy-jackson2-provider@3.0.18.Final vulnerabilities
-
latest version
6.2.8.Final
-
latest non vulnerable version
-
first published
11 years ago
-
latest version published
2 months ago
-
licenses detected
- [3.0-beta-5,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.jboss.resteasy:resteasy-jackson2-provider package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.jboss.resteasy:resteasy-jackson2-provider is a JBoss.org project aimed at providing productivity frameworks for developing client and server RESTful applications and services in Java. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It was found that in some configurations the JacksonJsonpInterceptor is activated by default in RESTEasy. An attacker could use this flaw to launch a Cross Site Scripting Inclusion attack. How to fix Cross-site Scripting (XSS)? Upgrade |
[,3.0.20)
[3.1.0.Beta1,3.1.0.CR1)
|