CVE-2016-6348

Опубликовано: 12 апр. 2017

Источник: debian

Описание

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

Пакет	Статус	Версия исправления	Релиз	Тип
resteasy	fixed	3.1.0-1		package
resteasy	no-dsa		jessie	package
resteasy3.0	fixed	3.0.26-1		package

https://github.com/resteasy/Resteasy/commit/7cc46c65b11de69b87ef8850dc68cca3de8cd7c6 (3.1.0.CR1)

CVE-2016-6348

CVSS3: 6.1

ubuntu

почти 9 лет назад

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

CVE-2016-6348

CVSS3: 3.1

redhat

больше 9 лет назад

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

CVE-2016-6348

CVSS3: 6.1

nvd

почти 9 лет назад

JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.

GHSA-9xfc-j5mf-9w5p

CVSS3: 6.1

github

больше 3 лет назад

JacksonJsonpInterceptor susceptible to cross-site script inclusion (XSSI) attack