Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2OTktZ203Zi1jbWp2
Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
Permalink: https://github.com/advisories/GHSA-9699-gm7f-cmjvJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2OTktZ203Zi1jbWp2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 4.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-9699-gm7f-cmjv, CVE-2020-25724
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-25724
- https://access.redhat.com/security/cve/cve-2020-25724
- https://bugzilla.redhat.com/show_bug.cgi?id=1899354
- https://security.netapp.com/advisory/ntap-20210702-0003/
- https://github.com/advisories/GHSA-9699-gm7f-cmjv
Affected Packages
maven:org.jboss.resteasy:resteasy-bom
Dependent packages: 47Dependent repositories: 326
Downloads:
Affected Version Ranges: <= 2.0-beta-1
Fixed in: 2.0-beta-2
All affected versions:
All unaffected versions: