org.jboss.resteasy:resteasy-jaxrs 3.0.16.Final vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.jboss.resteasy:resteasy-jaxrs package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Improper Input Validation org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Improper Input Validation in `MediaTypeHeaderDelegate.java` class results in the class returning an illegal header that will be then integrated in the server's response. How to fix Improper Input Validation? Upgrade `org.jboss.resteasy:resteasy-jaxrs` to version 3.11.0.Final or higher.	[,3.11.0.Final)
H HTTP Request Smuggling org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to HTTP Request Smuggling. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances. How to fix HTTP Request Smuggling? Upgrade `org.jboss.resteasy:resteasy-jaxrs` to version 3.5.0.CR1, 3.0.25.Final or higher.	[3.1.0.Beta1,3.5.0.CR1)[,3.0.25.Final)
M Cross-site Scripting (XSS) org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It was found that the default exception handler in RESTEasy did not properly validate user input. How to fix Cross-site Scripting (XSS)? Upgrade `org.jboss.resteasy:resteasy-jaxrs` to version 3.0.20.Final, 3.1.0.CR1 or higher.	[0,3.0.20.Final)[3.1.0.Beta1,3.1.0.CR1)
M Information Exposure org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol. Affected versions of this package are vulnerable to Information Exposure. It allows remote authenticated users to obtain sensitive information by leveraging insufficient use of random values in async jobs. How to fix Information Exposure? Upgrade `org.jboss.resteasy:resteasy-jaxrs` to version 3.1.0.CR1 or higher.	[,3.1.0.CR1)

Vulnerability

Vulnerable Version

Improper Input Validation

org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.

Affected versions of this package are vulnerable to Improper Input Validation in MediaTypeHeaderDelegate.java class results in the class returning an illegal header that will be then integrated in the server's response.

How to fix Improper Input Validation?

Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.11.0.Final or higher.

[,3.11.0.Final)

HTTP Request Smuggling

org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.

Affected versions of this package are vulnerable to HTTP Request Smuggling. It was discovered that the CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances.

How to fix HTTP Request Smuggling?

Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.5.0.CR1, 3.0.25.Final or higher.

[3.1.0.Beta1,3.5.0.CR1)[,3.0.25.Final)

Cross-site Scripting (XSS)

org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.

Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It was found that the default exception handler in RESTEasy did not properly validate user input.

How to fix Cross-site Scripting (XSS)?

Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.0.20.Final, 3.1.0.CR1 or higher.

[0,3.0.20.Final)[3.1.0.Beta1,3.1.0.CR1)

Information Exposure

org.jboss.resteasy:resteasy-jaxrs is a JCP specification that provides a Java API for RESTful Web Services over the HTTP protocol.

Affected versions of this package are vulnerable to Information Exposure. It allows remote authenticated users to obtain sensitive information by leveraging insufficient use of random values in async jobs.

How to fix Information Exposure?

Upgrade org.jboss.resteasy:resteasy-jaxrs to version 3.1.0.CR1 or higher.

[,3.1.0.CR1)

org.jboss.resteasy:resteasy-jaxrs@3.0.16.Final vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?