USN-7351-1

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/notices/USN-7351-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7351-1.json

JSON Data

https://api.test.osv.dev/v1/vulns/USN-7351-1

Related

Published

2025-03-13T14:45:05.200504Z

Modified

2025-03-13T14:45:05.200504Z

Summary

resteasy vulnerabilities

Details

Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688)

Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695)

It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633)

It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289)

It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482)

It was discovered that RESTEasy improperly handled certain HTTP requests and could be forced into a state in which it can no longer accept incoming connections. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)

References

Affected packages

Ubuntu:Pro:20.04:LTS / resteasy

Package

Name: resteasy
Purl: pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.20.04.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-2ubuntu0.20.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.6.2-2ubuntu0.20.04.1~esm1",
            "binary_name": "libresteasy-java"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / resteasy

Package

Name: resteasy
Purl: pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.22.04.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-2ubuntu0.22.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.6.2-2ubuntu0.22.04.1~esm1",
            "binary_name": "libresteasy-java"
        }
    ]
}

Ubuntu:24.10 / resteasy

Package

Name: resteasy
Purl: pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.24.10.1?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-2ubuntu0.24.10.1

Affected versions

3.*

3.6.2-2

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_version": "3.6.2-2ubuntu0.24.10.1",
            "binary_name": "libresteasy-java"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / resteasy

Package

Name: resteasy
Purl: pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.24.04.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.2-2ubuntu0.24.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "3.6.2-2ubuntu0.24.04.1~esm1",
            "binary_name": "libresteasy-java"
        }
    ]
}