CVE-2017-7561 (High) detected in resteasy-jaxrs-3.0.11.Final.jar, resteasy-jaxrs-3.1.3.Final.jar
CVE-2017-7561 - High Severity Vulnerability
Vulnerable Libraries - resteasy-jaxrs-3.0.11.Final.jar, resteasy-jaxrs-3.1.3.Final.jar
resteasy-jaxrs-3.0.11.Final.jar
Resteasy
Path to dependency file: /samples/server/petstore/jaxrs-resteasy/eap-joda/build.gradle
Path to vulnerable library: /aches/modules-2/files-2.1/org.jboss.resteasy/resteasy-jaxrs/3.0.11.Final/e38927a7ee37a43950d0ca58d63042d14ca93a5f/resteasy-jaxrs-3.0.11.Final.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.resteasy/resteasy-jaxrs/3.0.11.Final/e38927a7ee37a43950d0ca58d63042d14ca93a5f/resteasy-jaxrs-3.0.11.Final.jar
Dependency Hierarchy:
- :x: resteasy-jaxrs-3.0.11.Final.jar (Vulnerable Library)
resteasy-jaxrs-3.1.3.Final.jar
Resteasy
Path to dependency file: /samples/client/petstore/java/resteasy/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.jboss.resteasy/resteasy-jaxrs/3.1.3.Final/e60cee8b5a1801de9e4cd88dc584fd630faed656/resteasy-jaxrs-3.1.3.Final.jar
Dependency Hierarchy:
- resteasy-client-3.1.3.Final.jar (Root Library)
  - :x: resteasy-jaxrs-3.1.3.Final.jar (Vulnerable Library)
Found in HEAD commit: 4b7a8d7d7384aa6a27d6309c35ade0916edae7ed
Found in base branches: 3.0.0, master
Vulnerability Details
Red Hat JBoss EAP versions 3.0.7 up to, but not including, 4.0.0.Beta1 are vulnerable to server-side cache poisoning or CORS requests in the JAX-RS component, resulting in a moderate impact.
Publish Date: 2017-09-13
URL: CVE-2017-7561
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: High
  - Availability Impact: None
Suggested Fix
Type: Upgrade version
Origin: https://issues.jboss.org/browse/RESTEASY-1704
Release Date: 2017-09-13
Fix Resolution (org.jboss.resteasy:resteasy-jaxrs): 3.5.0.CR1
Direct dependency fix Resolution (org.jboss.resteasy:resteasy-client): 3.5.0.Final