An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tMmZ2LTNycW0tZzdwNc4AARHc
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and YAML unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider. Yaml.load() with SnakeYAML's default constructor instantiates whatever classes the document's tags name, so a request body with a YAML media type still reaches a deserializer that constructs attacker-chosen types.
If the YamlProvider is enabled, it is recommended to add authentication and authorization to the endpoint expecting YAML content to prevent exploitation of this vulnerability.
Permalink: https://github.com/advisories/GHSA-m2fv-3rqm-g7p5
Source: GitHub Advisory Database
Published: over 1 year ago
Updated: 8 months ago
CVSS Score: 8.1
CVSS vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-m2fv-3rqm-g7p5, CVE-2018-1051
Fixed in: 3.6.0.Final, 3.0.26.Final
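The following is an added example of the hardening the advisory implies, not code from Resteasy or its YamlProvider. It is a JAX-RS MessageBodyReader for YAML request bodies that replaces the unsafe Yaml.load() with a loader built on SnakeYAML's SafeConstructor, which only constructs standard YAML types and rejects global tags naming arbitrary classes. The class name SafeYamlReader, the media type application/x-yaml and the use of SnakeYAML 1.x (no-arg SafeConstructor) are assumptions for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.lang.annotation.Annotation;
import java.lang.reflect.Type;
import java.util.Map;

import javax.ws.rs.BadRequestException;
import javax.ws.rs.Consumes;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.ext.MessageBodyReader;
import javax.ws.rs.ext.Provider;

import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

// Added example (hypothetical provider, not Resteasy's YamlProvider):
// reads application/x-yaml bodies as a plain Map with a safe SnakeYAML loader.
@Provider
@Consumes("application/x-yaml")
public class SafeYamlReader implements MessageBodyReader<Map<String, Object>> {

    // Vulnerable pattern this replaces; never use it on untrusted input:
    //   Object o = new Yaml().load(entityStream);
    // The default Constructor resolves a global tag such as !!some.Class
    // to that class and instantiates it while parsing.
    //
    // SafeConstructor only builds maps, lists, scalars and the standard
    // YAML types, so a tagged class name in the document is an error.
    // (SnakeYAML 1.x; in 2.x SafeConstructor takes a LoaderOptions argument.)
    private final Yaml yaml = new Yaml(new SafeConstructor());

    @Override
    public boolean isReadable(Class<?> type, Type genericType,
                              Annotation[] annotations, MediaType mediaType) {
        // Only offer to read into Map, so no caller can request a bean type
        // that would need arbitrary class construction.
        return Map.class.isAssignableFrom(type);
    }

    @Override
    @SuppressWarnings("unchecked")
    public Map<String, Object> readFrom(Class<Map<String, Object>> type, Type genericType,
                                        Annotation[] annotations, MediaType mediaType,
                                        MultivaluedMap<String, String> httpHeaders,
                                        InputStream entityStream)
            throws IOException, WebApplicationException {
        Object parsed;
        try {
            parsed = yaml.load(entityStream);
        } catch (YAMLException e) {
            // Unknown or disallowed tags, or malformed YAML, end here as a 400
            // instead of reaching any object construction.
            throw new BadRequestException("unsupported YAML content", e);
        }
        if (!(parsed instanceof Map)) {
            throw new BadRequestException("expected a YAML mapping at top level");
        }
        return (Map<String, Object>) parsed;
    }
}
```

Registering a reader like this is a defence in depth measure; the advisory's own recommendation still applies, so the resource method that consumes YAML should additionally be restricted with authentication and authorization (for example a @RolesAllowed annotation on the endpoint) until the deployment is on 3.0.26.Final or 3.6.0.Final.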