The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy prior to 2.3.2 allows remote malicious users to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.
| Vulnerable Product |
|---|
| redhat resteasy 2.0.1 |
| redhat resteasy 2.0.0 |
| redhat resteasy 2.2.1 |
| redhat resteasy 2.2.0 |
| redhat resteasy 2.1.0 |
| redhat resteasy 1.0.0 |
| redhat resteasy 2.2.3 |
| redhat resteasy 2.2.2 |
| redhat resteasy 1.0.2 |
| redhat resteasy 1.0.1 |
| redhat resteasy |
| redhat resteasy 2.3.0 |
| redhat resteasy 1.2 |
| redhat resteasy 1.1 |