Incomplete Fix for Yaml Unmarshalling in Resteasy Affects Red Hat Software
CVE-2018-1051

8.1HIGH

Key Information:

Vendor
Red Hat
Status
Vendor
CVE Published:
25 January 2018

Summary

A security flaw has been identified in Resteasy due to an incomplete patch related to Yaml unmarshalling. The issue arises from the Yaml.load() method in the YamlProvider, allowing potential security risks in handling YAML content. Users of Resteasy versions 3.0.22 and 3.1.2 are encouraged to review their systems for this vulnerability and ensure appropriate measures are in place to mitigate any potential threats.

Affected Version(s)

resteasy after 3.0.22

resteasy after 3.1.2

References

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.