CVE-2018-1051

Summary

It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via Yaml.load() in YamlProvider.

Affected Software

VendorProductVersion RangeStatus
Red Hat, Inc.resteasyafter 3.0.22affected
Red Hat, Inc.resteasyafter 3.1.2affected

Weaknesses

  • CWE-20: CWE-20

ADP Enrichment

CVE Program Container

Additional References

References