ghsa-wrrh-g7h3-gqmx
Vulnerability from github
Published
2022-05-17 01:49
Modified
2022-07-13 18:42
Summary
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Details
RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.jboss.resteasy:resteasy-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2012-0818"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-13T18:42:09Z",
"nvd_published_at": "2012-11-23T20:55:00Z",
"severity": "MODERATE"
},
"details": "RESTEasy before 2.3.1 allows remote attackers to read arbitrary files via an external entity reference in a DOM document, aka an XML external entity (XXE) injection attack.",
"id": "GHSA-wrrh-g7h3-gqmx",
"modified": "2022-07-13T18:42:09Z",
"published": "2022-05-17T01:49:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0818"
},
{
"type": "WEB",
"url": "https://github.com/resteasy/resteasy/commit/71ace879cf92d323bfa4d3e88db0c3059109bbf6"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200229045254/https://www.securityfocus.com/bid/51766"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20200229044434/http://www.securityfocus.com/bid/51748"
},
{
"type": "WEB",
"url": "https://issues.jboss.org/browse/RESTEASY-637"
},
{
"type": "PACKAGE",
"url": "https://github.com/resteasy/Resteasy"
},
{
"type": "WEB",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72808"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=785631"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2012-0818"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0372"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2014:0371"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2013:1263"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1125"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1059"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1058"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1057"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:1056"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0519"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0441"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2012:0421"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0441.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0519.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1056.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1057.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1058.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1059.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1125.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy"
}
Loading...