CVE-2016-9606

Severity CVSS v4.0: Pending analysis
Type: CWE-20 Input Validation
Publication date: 09/03/2018
Last modified: 12/10/2018

Description

JBoss RESTEasy before version 3.1.2 could be forced into parsing a request with YamlProvider, resulting in unmarshalling of potentially untrusted data which could allow an attacker to execute arbitrary code with RESTEasy application permissions.

Vulnerable products and versions

CPE | From | Up to
cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* | | 3.1.1 (including)