CVE-2016-9606

Metadata

high
unknown
resteasy
CVE-2016-9606
cve.mitre.org, issues.jboss.org, bugzilla.redhat.com, bugs.debian.org
2016-12-31
2017-10-23 14:15
CVE-2016-9606 resteasy
CVE-2016-9606 resteasy3.0
2017-07-20 21:29
2017-05-10 23:45
2017-04-14 10:19
2017-04-01 21:42
2017-03-29 19:04

Description

It was discovered that under certain conditions RESTEasy could be forced to parse a request with YamlProvider, resulting in unmarshalling of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is pending.

Affected package information

Release   Package   Patched in
upstream  resteasy  3.1.2, 3.0.22

Unaffected

Release                     Package   Reason
precise                     resteasy  DNE
precise/esm                 resteasy  DNE
trusty                      resteasy  DNE
vivid/stable-phone-overlay  resteasy  DNE
vivid/ubuntu-core           resteasy  DNE
yakkety                     resteasy  ignored

Needs Triage

Release  Package   Reason
xenial   resteasy  needs-triage
zesty    resteasy  needs-triage
artful   resteasy  needs-triage
devel    resteasy  needs-triage