Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-1051

Опубликовано: 25 янв. 2018
Источник: debian

Описание

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
resteasynot-affectedpackage
resteasy3.0not-affectedpackage

Примечания

  • Removing deprecated YamlProvider was done in 4.0.0.Beta4

Связанные уязвимости

ubuntu логотип

CVE-2018-1051

CVSS3: 8.1
ubuntu
около 8 лет назад

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

redhat логотип

CVE-2018-1051

CVSS3: 8.1
redhat
около 8 лет назад

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

nvd логотип

CVE-2018-1051

CVSS3: 8.1
nvd
около 8 лет назад

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.

github логотип

GHSA-m2fv-3rqm-g7p5

CVSS3: 8.1
github
больше 3 лет назад

Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider