CVE-2011-5245

Name of the Vulnerable Software and Affected Versions RESTEasy versions prior to 2.3.2

Description The issue allows remote attackers to read arbitrary files via an external entity reference in a Java Architecture for XML Binding (JAXB) input. This is an XML external entity (XXE) injection attack.

Recommendations For versions prior to 2.3.2, update to version 2.3.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the readFrom function in providers.jaxb.JAXBXmlTypeProvider to minimize the risk of exploitation.