UbuntuUpdates.org

Package "resteasy"

Name: resteasy

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • RESTEasy -- Framework for RESTful Web services and Java applications
Latest version: 3.6.2-3ubuntu0.25.04.1
Release: plucky (25.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "resteasy" in Plucky

Repository Area Version
base universe 3.6.2-3
updates universe 3.6.2-3ubuntu0.25.04.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 3.6.2-3ubuntu0.25.04.1 2025-07-08 16:23:23 UTC

  resteasy (3.6.2-3ubuntu0.25.04.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Several vulnerabilities and information disclosures
    - CVE-2020-10688.patch: XSS due to improper URL handling during exception
    - CVE-2020-1695.patch: Input validation issue leads to unexpected behavior
    - CVE-2021-20289.patch: Endpoint information unexpectedly disclosed
    - CVE-2023-0482.patch: Temporary files created with insecure permissions
    - CVE-2024-9622.patch: Denial of service through failed http decoder state
    - pre-CVE-2020-25633.patch: Ajustments to CVE-2020-25633 backport
    - CVE-2020-25633.patch: Server information disclosure during exception

 -- Noam Nedelec-Salmon <email address hidden> Wed, 02 Jul 2025 04:52:57 +0200
CVE-2020-10688 A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL
CVE-2020-1695 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input v
CVE-2021-20289 A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception
CVE-2023-0482 In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files
CVE-2024-9622 A vulnerability was found in the resteasy-netty4 library arising from improper handling of HTTP requests using smuggling techniques. When an HTTP smu
CVE-2020-25633 A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensi


About   -   Send Feedback to @ubuntu_updates