CESA-2016:2604 -- centos 7 resteasy-base

ID: oval:org.secpod.oval:def:204136 | Date: (C)2017-03-03 (M)2022-10-10 | Class: PATCH | Family: unix

RESTEasy contains a JBoss project that provides frameworks to help build RESTful Web Services and RESTful Java applications. It is a fully certified and portable implementation of the JAX-RS specification.

Security Fix:

* It was discovered that under certain conditions RESTEasy could be forced to parse a request with SerializableProvider, resulting in deserialization of potentially untrusted data. An attacker could possibly use this flaw to execute arbitrary code with the permissions of the application using RESTEasy.

Red Hat would like to thank Mikhail Egorov for reporting this issue.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.