Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1nNGpnLWdwd3YtcDd3ds4AAaPj
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
Permalink: https://github.com/advisories/GHSA-g4jg-gpwv-p7wvJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1nNGpnLWdwd3YtcDd3ds4AAaPj
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 5 months ago
Identifiers: GHSA-g4jg-gpwv-p7wv, CVE-2011-5245
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-5245
- https://bugzilla.redhat.com/show_bug.cgi?id=785631
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72808
- https://issues.jboss.org/browse/RESTEASY-647
- https://issues.jboss.org/browse/RESTEASY/fixforversion/12318708
- http://rhn.redhat.com/errata/RHSA-2012-1056.html
- http://rhn.redhat.com/errata/RHSA-2012-1058.html
- http://rhn.redhat.com/errata/RHSA-2012-1059.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- http://www.osvdb.org/78680
- https://github.com/resteasy/resteasy/pull/34
- https://github.com/advisories/GHSA-g4jg-gpwv-p7wv
Blast Radius: 0.0
Affected Packages
maven:org.jboss.resteasy:resteasy-jaxb-provider
Dependent packages: 305Dependent repositories: 2,455
Downloads:
Affected Version Ranges: < 2.3.2
Fixed in: 2.3.2
All affected versions:
All unaffected versions: