CVE-2016-6347: Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2016-6346: RESTEasy enables GZIPInterceptor, which allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2016-6345: RESTEasy allows remote authenticated users to obtain sensitive information by leveraging "insufficient use of random values" in async jobs.
CVE-2016-6348: JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
CVE-2020-1695: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
CVE-2018-1051: It was found that the fix for CVE-2016-9606 in versions 3.0.22 and 3.1.2 was incomplete and Yaml unmarshalling in Resteasy is still possible via `Yaml.load()` in YamlProvider.