CVE-2016-6345: Exposure of Sensitive Information to an Unauthorized Actor

May 17, 2022 (updated July 6, 2022)

RESTEasy allows remote authenticated users to obtain sensitive information by leveraging “insufficient use of random values” in async jobs.

References

bugzilla.redhat.com/show_bug.cgi?id=1372117
github.com/advisories/GHSA-vxhj-3x7p-jxp5
nvd.nist.gov/vuln/detail/CVE-2016-6345

Detect and mitigate CVE-2016-6345 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →