Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NHItZmNqMy1naGpx

Exposure of class information in RESTEasy

A flaw was found in all current versions of RESTEasy up to 4.6.0.Final. When RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value, the endpoint class and method names are returned as part of the exception response. The highest threat from this vulnerability is to data confidentiality.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 8 months ago

CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Identifiers: GHSA-244r-fcj3-ghjq, CVE-2021-20289

Affected Packages

Versions: >= 3.0.0, < 3.16.0; >= 4.0.0, < 4.5.10; >= 4.6.0, < 4.6.1
Fixed in: 3.16.0, 4.5.10, 4.6.1