CVE-2011-5245
EUVD-2022-388423.11.2012, 20:55
The readFrom function in providers.jaxb.JAXBXmlTypeProvider in RESTEasy before 2.3.2 allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input, aka an XML external entity (XXE) injection attack, a similar vulnerability to CVE-2012-0818.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| redhat | resteasy | 𝑥 ≤ 2.3.1 |
| redhat | resteasy | 1.0.0 |
| redhat | resteasy | 1.0.1 |
| redhat | resteasy | 1.0.2 |
| redhat | resteasy | 1.1 |
| redhat | resteasy | 1.2 |
| redhat | resteasy | 2.0.0 |
| redhat | resteasy | 2.0.1 |
| redhat | resteasy | 2.1.0 |
| redhat | resteasy | 2.2.0 |
| redhat | resteasy | 2.2.1 |
| redhat | resteasy | 2.2.2 |
| redhat | resteasy | 2.2.3 |
| redhat | resteasy | 2.3.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References