GHSA-9699-gm7f-cmjv

Suggest an improvement
Source
https://github.com/advisories/GHSA-9699-gm7f-cmjv
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-9699-gm7f-cmjv/GHSA-9699-gm7f-cmjv.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-9699-gm7f-cmjv
Aliases
Published
2021-06-08T22:29:46Z
Modified
2024-02-17T05:37:01.814719Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
Details

A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

Database specific 
{
    "nvd_published_at": "2021-05-26T21:15:00Z",
    "cwe_ids": [
        "CWE-567"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-01T20:34:48Z"
}
References

Affected packages

Maven / org.jboss.resteasy:resteasy-bom

Package

Name
org.jboss.resteasy:resteasy-bom
View open source insights on deps.dev
Purl
pkg:maven/org.jboss.resteasy/resteasy-bom

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0-beta-2

Affected versions

1.*

1.2.GA
1.2.1.GA

2.*

2.0-beta-1

Database specific 

{
    "last_known_affected_version_range": "<= 2.0-beta-1"
}