- Vulnerability/
- USN-7351-1
USN-7351-1: RESTEasy vulnerabilities
First published: Thu Mar 13 2025(Updated: )
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input during HTTP response construction. This issue could possibly allow an attacker to cause a denial of service or execute arbitrary code. (CVE-2020-1695) It was discovered that RESTEasy unintentionally disclosed potentially sensitive server information to users during the handling of certain errors. (CVE-2020-25633) It was discovered that RESTEasy unintentionally disclosed parts of its code to users during the handling of certain errors. (CVE-2021-20289) It was discovered that RESTEasy used improper permissions when creating temporary files. An attacker could possibly use this issue to get access to sensitive data. (CVE-2023-0482) It was discovered that RESTEasy improperly handled certain HTTP requests and could be forced into a state in which it can no longer accept incoming connections. An attacker could possibly use this issue to cause a denial of service. (CVE-2024-9622)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libresteasy-java | <3.6.2-2ubuntu0.24.10.1 | 3.6.2-2ubuntu0.24.10.1 |
| Ubuntu | =24.10 | |
| All of | ||
| ubuntu/libresteasy-java | <3.6.2-2ubuntu0.24.04.1~esm1 | 3.6.2-2ubuntu0.24.04.1~esm1 |
| Ubuntu | =24.04 | |
| All of | ||
| ubuntu/libresteasy-java | <3.6.2-2ubuntu0.22.04.1~esm1 | 3.6.2-2ubuntu0.22.04.1~esm1 |
| Ubuntu | =22.04 | |
| All of | ||
| ubuntu/libresteasy-java | <3.6.2-2ubuntu0.20.04.1~esm1 | 3.6.2-2ubuntu0.20.04.1~esm1 |
| Ubuntu | =20.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2020-1695
- https://ubuntu.com/security/CVE-2020-25633
- https://ubuntu.com/security/CVE-2020-10688
- https://ubuntu.com/security/CVE-2024-9622
- https://ubuntu.com/security/CVE-2023-0482
- https://ubuntu.com/security/CVE-2021-20289
- https://launchpad.net/ubuntu/+source/resteasy/3.6.2-2ubuntu0.24.10.1
- https://ubuntu.com/security/notices/USN-7351-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-7351-1?
The severity of USN-7351-1 is classified as important due to the potential for remote code execution.
How do I fix USN-7351-1?
To fix USN-7351-1, update to the latest version of the package libresteasy-java provided by your Ubuntu distribution.
What are the potential impacts of USN-7351-1?
An attacker could exploit USN-7351-1 to manipulate an application's behavior affecting other users over the network.
Which versions of Ubuntu are affected by USN-7351-1?
USN-7351-1 affects Ubuntu versions 20.04, 22.04, 24.04, and 24.10 that use vulnerable versions of libresteasy-java.
Is there a known exploit for USN-7351-1?
CVE-2020-10688 is associated with USN-7351-1, indicating that there are potential exploit paths for this vulnerability.
- agent/last-modified-date
- agent/references
- agent/source
- agent/title
- agent/softwarecombine
- agent/type
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- collector/usn
- source/Ubuntu
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu
- version/ubuntu/24.10
- version/ubuntu/24.04
- version/ubuntu/22.04
- version/ubuntu/20.04