UbuntuUpdates.org

Package "libresteasy-java"

Name: libresteasy-java

Description:

RESTEasy -- Framework for RESTful Web services and Java applications
Latest version: 3.6.2-2ubuntu0.24.10.1
Release: oracular (24.10)
Level: security
Repository: universe
Head package: resteasy
Homepage: http://rest-easy.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libresteasy-java"

All arch deb package
APT INSTALL

Other versions of "libresteasy-java" in Oracular

Repository Area Version
base universe 3.6.2-2
updates universe 3.6.2-2ubuntu0.24.10.1

Changelog

Version: 3.6.2-2ubuntu0.24.10.1 2025-03-11 20:07:01 UTC

  resteasy (3.6.2-2ubuntu0.24.10.1) oracular-security; urgency=medium

  * SECURITY UPDATE: Several issues related to confidentiality and injections
    - CVE-2020-10688: XSS occurs due to improper URL handling during exception
    - CVE-2020-1695: Improper input validation leads to unexpected behavior
    - CVE-2021-20289: Endpoint class and method names unexpectedly disclosed
    - CVE-2024-9622: Denial of service through failed http decoder state
    - CVE-2023-0482: Temporary files created with insecure permissions
    - CVE-2020-25633: Server information disclosure during exception

 -- Noam Nedelec-Salmon <email address hidden> Tue, 25 Feb 2025 09:25:31 +0100
CVE-2020-10688 A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL
CVE-2020-1695 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input v
CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception
CVE-2024-9622 A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smu
CVE-2023-0482 In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files
CVE-2020-25633 A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensi


About   -   Send Feedback to @ubuntu_updates