Incomplete Fix for Yaml Unmarshalling in Resteasy Affects Red Hat Software
CVE-2018-1051
8.1HIGH
Summary
A security flaw has been identified in Resteasy due to an incomplete patch related to Yaml unmarshalling. The issue arises from the Yaml.load()
method in the YamlProvider, allowing potential security risks in handling YAML content. Users of Resteasy versions 3.0.22 and 3.1.2 are encouraged to review their systems for this vulnerability and ensure appropriate measures are in place to mitigate any potential threats.
Affected Version(s)
resteasy after 3.0.22
resteasy after 3.1.2
References
CVSS V3.1
Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved