Bug 13306

Summary: [CVE 21] resteasy 3.0.19 CVEs found
Product: [ROSA-based products] ROSA Fresh
Reporter: Yury <y.tumanov>
Component: System (kernel, glibc, systemd, bash, PAM...)
Assignee: ROSA Linux Bugs <bugs>
Status: CONFIRMED ---
QA Contact: ROSA Linux Bugs <bugs>
Severity: critical
Priority: Highest
CC: m.novosyolov, s.matveev, v.potapov, y.tumanov
Version: All
Flags: y.tumanov: secteam_verified?
Target Milestone: ---
Hardware: All
OS: Linux
URL: CVE-2020-10688, CVE-2020-1695, CVE-2020-25633, CVE-2023-0482, CVE-2016-9606, CVE-2021-20289, CVE-2021-20293
Whiteboard:
Platform: 2021.1
ROSA Vulnerability identifier:
RPM Package:
ISO-related:
Bad POT generating:
Upstream:

Description Yury 2023-05-03 18:02:20 MSK
Please patch CVEs for package resteasy version 3.0.19
INFO (CVEs are): resteasy 3.0.19 CVEs found

CVE-2020-10688
Desc: A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-10688
Severity: MEDIUM

CVE-2020-1695
Desc: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-1695
Severity: HIGH

CVE-2020-25633
Desc: A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
Link: https://nvd.nist.gov/vuln/detail/CVE-2020-25633
Severity: MEDIUM

CVE-2023-0482
Desc: In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.
Link: https://nvd.nist.gov/vuln/detail/CVE-2023-0482
Severity: MEDIUM
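The CVE-2023-0482 entry above names the weak pattern (java.io.File.createTempFile, which creates the file with mode 0666 masked by the process umask, so typically 0644 and world-readable in a shared /tmp). The following is an added example written for this page; it is not code from RESTEasy, from the ROSA package, or from the bug report. It places the weak call beside the java.nio replacement with an explicit owner-only permission attribute, and adds a check that reports whether a created file is readable by other local users. The class and method names (TempFileDemo, insecureTempFile, secureTempFile, isReadableByOthers) and the file name prefix are assumptions chosen for illustration.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.FileAttribute;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Set;

// Added example, not RESTEasy code. Names below are hypothetical.
public class TempFileDemo {

    // Weak pattern (CWE-377 / CWE-378): java.io.File.createTempFile opens the
    // file with 0666 & ~umask. With the common umask 022 that is 0644, so any
    // local user can read whatever the application writes into it.
    static Path insecureTempFile() throws IOException {
        File f = File.createTempFile("resteasy-demo-", ".tmp");
        f.deleteOnExit();
        return f.toPath();
    }

    // Hardened pattern: java.nio.file.Files.createTempFile. On POSIX file
    // systems it already defaults to rw------- when no attribute is given;
    // passing the attribute explicitly makes the intent visible in review
    // and does not depend on that default.
    static Path secureTempFile() throws IOException {
        Set<PosixFilePermission> ownerOnly = PosixFilePermissions.fromString("rw-------");
        FileAttribute<Set<PosixFilePermission>> attr =
                PosixFilePermissions.asFileAttribute(ownerOnly);
        Path p = Files.createTempFile("resteasy-demo-", ".tmp", attr);
        p.toFile().deleteOnExit();
        return p;
    }

    // True if any group or other permission bit is set on the file.
    // Returns false on file systems without a POSIX attribute view (e.g. Windows),
    // where permissions are ACL-based and this check does not apply.
    static boolean isReadableByOthers(Path p) throws IOException {
        if (!FileSystems.getDefault().supportedFileAttributeViews().contains("posix")) {
            return false;
        }
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(p);
        for (PosixFilePermission perm : perms) {
            if (perm != PosixFilePermission.OWNER_READ
                    && perm != PosixFilePermission.OWNER_WRITE
                    && perm != PosixFilePermission.OWNER_EXECUTE) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws IOException {
        Path weak = insecureTempFile();
        Path hardened = secureTempFile();
        System.out.println(weak + " readable by others: " + isReadableByOthers(weak));
        System.out.println(hardened + " readable by others: " + isReadableByOthers(hardened));
        Files.deleteIfExists(weak);
        Files.deleteIfExists(hardened);
    }
}
```

Run as an unprivileged user with umask 022 on Linux: the first line reports true and the second false. With a restrictive umask such as 077 the weak call also yields 0600, which is why the weakness is easy to miss in testing and why the fix has to be in the code rather than in the deployment environment. To check whether a given resteasy source tree still carries the pattern, grep it for File.createTempFile in the DataSourceProvider, FileProvider and Mime4JWorkaround classes that the CVE text names.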
Comment 1 Mikhail Novosyolov 2023-05-15 15:24:18 MSK
We will not fix the CVEs in this package for now, because it is not widely used and closing them is difficult.
Comment 2 Vladimir Potapov 2024-01-12 10:08:36 MSK
*** Bug 13800 has been marked as a duplicate of this bug. ***