Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS13cnJoLWc3aDMtZ3FteM4AAaO-
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
Permalink: https://github.com/advisories/GHSA-wrrh-g7h3-gqmx
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13cnJoLWc3aDMtZ3FteM4AAaO-
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
Identifiers: GHSA-wrrh-g7h3-gqmx, CVE-2012-0818
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-0818
- https://bugzilla.redhat.com/show_bug.cgi?id=785631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
- https://issues.jboss.org/browse/RESTEASY-637
- http://rhn.redhat.com/errata/RHSA-2012-0441.html
- http://rhn.redhat.com/errata/RHSA-2012-0519.html
- http://rhn.redhat.com/errata/RHSA-2012-1056.html
- http://rhn.redhat.com/errata/RHSA-2012-1057.html
- http://rhn.redhat.com/errata/RHSA-2012-1058.html
- http://rhn.redhat.com/errata/RHSA-2012-1059.html
- http://rhn.redhat.com/errata/RHSA-2012-1125.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- https://github.com/resteasy/resteasy/commit/71ace879cf92d323bfa4d3e88db0c3059109bbf6
- https://access.redhat.com/errata/RHSA-2012:0421
- https://access.redhat.com/errata/RHSA-2012:0441
- https://access.redhat.com/errata/RHSA-2012:0519
- https://access.redhat.com/errata/RHSA-2012:1056
- https://access.redhat.com/errata/RHSA-2012:1057
- https://access.redhat.com/errata/RHSA-2012:1058
- https://access.redhat.com/errata/RHSA-2012:1059
- https://access.redhat.com/errata/RHSA-2012:1125
- https://access.redhat.com/errata/RHSA-2013:1263
- https://access.redhat.com/errata/RHSA-2014:0371
- https://access.redhat.com/errata/RHSA-2014:0372
- https://access.redhat.com/security/cve/CVE-2012-0818
- https://web.archive.org/web/20200229044434/http://www.securityfocus.com/bid/51748
- https://web.archive.org/web/20200229045254/https://www.securityfocus.com/bid/51766/
- https://github.com/advisories/GHSA-wrrh-g7h3-gqmx
Blast Radius: 0.0
Affected Packages
maven:org.jboss.resteasy:resteasy-client
Dependent packages: 721
Dependent repositories: 6,292
Downloads:
Affected Version Ranges: < 2.3.1
Fixed in: 2.3.1
All affected versions:
All unaffected versions: