Description
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider.
References
- Issue Tracking, Vendor Advisory
- Issue Tracking, Vendor Advisory
Vulnerable configurations
Configuration 1
One of:
cpe:2.3:a:redhat:resteasy:3.0.22:*:*:*:*:*:*:*
cpe:2.3:a:redhat:resteasy:3.1.2:*:*:*:*:*:*:*
EPSS
Score: 0.00688 (percentile: 71%), Low
CVSS3: 8.1 High
CVSS2: 6.8 Medium
Weaknesses
CWE-20
CWE-502
Related vulnerabilities
CVSS3: 8.1
ubuntu
about 8 years ago
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
CVSS3: 8.1
redhat
about 8 years ago
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.
CVSS3: 8.1
debian
about 8 years ago
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1 ...
CVSS3: 8.1
github
more than 3 years ago
Deserialization of Untrusted Data in org.jboss.resteasy:resteasy-yaml-provider