USN-7351-1

Description

resteasy vulnerabilities Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695) It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633) It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289) It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482) It was discovered that RESTEasy improperly handled certain HTTP requests and could be forced into a state in which it can no longer accept incoming connections. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)

Affected Systems

• ubuntu•resteasy

  < 3.6.2-2ubuntu0.20.04.1~esm1 | < 3.6.2-2ubuntu0.22.04.1~esm1 | < 3.6.2-2ubuntu0.24.04.1~esm1

References (7)

• https://ubuntu.com/security/notices/USN-7351-1
• https://ubuntu.com/security/CVE-2020-1695
• https://ubuntu.com/security/CVE-2020-10688
• https://ubuntu.com/security/CVE-2020-25633
• https://ubuntu.com/security/CVE-2021-20289
• https://ubuntu.com/security/CVE-2023-0482
• https://ubuntu.com/security/CVE-2024-9622