MGASA-2016-0382

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2016-7050

Published: 17 Nov 2016, 16:37

Last modified:16 Apr 2026, 06:24

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

17 Nov 2016, 16:37

Published

Vulnerability first disclosed

16 Apr 2026, 06:24

Last Modified

Vulnerability information updated

Description

Updated resteasy packages fix security vulnerability It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy (CVE-2016-7050).

Affected Systems

mageia•resteasy
< 3.0.6-3.1.mga5

References (3)

https://advisories.mageia.org/MGASA-2016-0382.html
https://bugs.mageia.org/show_bug.cgi?id=19718
https://rhn.redhat.com/errata/RHSA-2016-2604.html