Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NHItZmNqMy1naGpx
Exposure of class information in RESTEasy
A flaw was found in all current versions of RESTEasy up to 4.6.0.Final. When RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value, the endpoint class and method names are returned as part of the exception response. The highest threat from this vulnerability is to data confidentiality.
Permalink: https://github.com/advisories/GHSA-244r-fcj3-ghjq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NHItZmNqMy1naGpx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-244r-fcj3-ghjq, CVE-2021-20289
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-20289
- https://bugzilla.redhat.com/show_bug.cgi?id=1935927
- https://bugzilla.redhat.com/show_bug.cgi?id=1941544
- https://issues.redhat.com/browse/RESTEASY-2843
- https://security.netapp.com/advisory/ntap-20210528-0008/
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://github.com/advisories/GHSA-244r-fcj3-ghjq
Affected Packages
maven:org.jboss.resteasy:resteasy-core
Versions: >= 3.0.0, < 3.16.0, >= 4.0.0, < 4.5.10, >= 4.6.0, < 4.6.1
Fixed in: 3.16.0, 4.5.10, 4.6.1