Lucene search
GoogleOSV:GHSA-M2FV-3RQM-G7P5HistoryMay 13, 2022 - 1:33 a.m.
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
2022-05-1301:33:34
Google
osv.dev
11
0.023 Low
EPSS
Percentile
89.8%
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider.
Mitigation:
If the YamlProvider is enabled it’s recommended to add authentication, and authorization to the endpoint expecting Yaml content to prevent exploitation of this vulnerability.
Related
osv
osv
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
debiancve
debiancve
CVE-2018-1051
2018-01-25 20:29:00
CVE-2016-9606
2018-03-09 20:29:00
ubuntucve
ubuntucve
CVE-2018-1051
2018-01-25 00:00:00
CVE-2016-9606
2018-03-09 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2018-01-26 00:15:27
Remote Code Execution (RCE)
2016-12-16 08:05:27
Remote Code Execution (RCE)
2019-01-15 09:16:49
cve
cve
prion
prion
Design/Logic Flaw
2018-01-25 20:29:00
Design/Logic Flaw
2018-03-09 20:29:00
Design/Logic Flaw
2017-03-07 15:59:00
redhatcve
redhatcve
CVE-2018-1051
2018-01-25 16:50:00
CVE-2016-9606
2019-10-31 10:31:37
nvd
nvd
github
github
JBoss RESTEasy vulnerable to Improper Input Validation
2022-05-14 02:37:13
cvelist
cvelist
CVE-2018-1051
2018-01-25 20:00:00
CVE-2016-9606
2016-12-15 00:00:00
nessus
nessus
RHEL 6 : jboss-ec2-eap (RHSA-2017:1260)
2017-05-19 00:00:00
RHEL 5 : JBoss EAP (RHSA-2017:1256)
2017-05-22 00:00:00
RHEL 7 : JBoss EAP (RHSA-2017:1253)
2018-09-04 00:00:00
redhat
redhat
impervablog
impervablog
Deserialization Attacks Surge Motivated by Illegal Crypto-mining
2018-01-24 17:45:08