CVE-2018-1051
N/A
N/A
Summary
It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | resteasy | after 3.0.22 | affected |
| Red Hat, Inc. | resteasy | after 3.1.2 | affected |
Weaknesses
- CWE-20: CWE-20
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.