GHSA-57q5-x8jf-g7h8

Source

https://github.com/advisories/GHSA-57q5-x8jf-g7h8

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-57q5-x8jf-g7h8/GHSA-57q5-x8jf-g7h8.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-57q5-x8jf-g7h8

Aliases

CVE-2017-7561

Published

2022-05-13T01:47:01Z

Modified

2025-01-15T15:26:01.418975Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP

Details

Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

Database specific

{
    "cwe_ids": [
        "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-01T11:43:57Z",
    "severity": "HIGH",
    "nvd_published_at": "2017-09-13T17:29:00Z"
}

References

Affected packages

Maven / org.jboss.resteasy:resteasy-jaxrs

Package

Name: org.jboss.resteasy:resteasy-jaxrs; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-jaxrs

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.7.Final

Fixed

3.0.25.Final

Affected versions

3.*

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.17.Final

3.0.18.Final

3.0.19.Final

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

Database specific

last_known_affected_version_range

"<= 3.0.24.Final"

Maven / org.jboss.resteasy:resteasy-jaxrs

Package

Name: org.jboss.resteasy:resteasy-jaxrs; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-jaxrs