Red Hat · Resteasy · CVE-2018-1051
Name of the Vulnerable Software and Affected Versions:
Resteasy versions 3.0.22 and 3.1.2
Description:
The issue stems from an incomplete fix for an earlier Yaml unmarshalling problem in Resteasy: the unsafe unmarshalling can still occur via `Yaml.load()` in YamlProvider.
Recommendations:
For versions 3.0.22 and 3.1.2, if the YamlProvider is enabled, add authentication and authorization to the endpoint expecting Yaml content to prevent exploitation of this issue.
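One way to apply this recommendation is a JAX-RS request filter that rejects Yaml request bodies from callers who are not authenticated and authorized. It aborts the request before the body is handed to YamlProvider. This is an added example, not code from Resteasy or Red Hat. It assumes the container has already authenticated the caller and populated the `SecurityContext`; the class name `YamlAccessFilter` and the role name `yaml-client` are hypothetical.

```java
import java.util.Locale;
import javax.annotation.Priority;
import javax.ws.rs.Priorities;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;
import javax.ws.rs.ext.Provider;

// Hypothetical filter: gates every request whose Content-Type is a Yaml type.
@Provider
@Priority(Priorities.AUTHORIZATION)
public class YamlAccessFilter implements ContainerRequestFilter {

    // Hypothetical role name; map it to whatever role your deployment defines.
    private static final String REQUIRED_ROLE = "yaml-client";

    @Override
    public void filter(ContainerRequestContext ctx) {
        MediaType type = ctx.getMediaType();   // null when no Content-Type was sent
        if (type == null
                || !type.getSubtype().toLowerCase(Locale.ROOT).contains("yaml")) {
            return;                            // not Yaml content, nothing to gate
        }

        // Assumption: container-managed authentication filled in the SecurityContext.
        SecurityContext sc = ctx.getSecurityContext();
        if (sc == null || sc.getUserPrincipal() == null) {
            // Unauthenticated caller: stop before the entity is unmarshalled.
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        if (!sc.isUserInRole(REQUIRED_ROLE)) {
            // Authenticated but not permitted to submit Yaml.
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }
}
```

The filter narrows who can reach the Yaml endpoint; it does not change how YamlProvider unmarshals content from callers who pass the check.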