Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5cWotcnZ2Ni1xcm12
Cross-site scripting in RESTEasy
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Permalink: https://github.com/advisories/GHSA-29qj-rvv6-qrmv
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5cWotcnZ2Ni1xcm12
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 3 years ago
Updated: almost 2 years ago
CVSS Score: 5.4
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
EPSS Percentage: 0.00146
EPSS Percentile: 0.51013
Identifiers: GHSA-29qj-rvv6-qrmv, CVE-2020-10688
References:
- https://nvd.nist.gov/vuln/detail/CVE-2020-10688
- https://github.com/quarkusio/quarkus/issues/7248
- https://bugzilla.redhat.com/show_bug.cgi?id=1814974
- https://issues.redhat.com/browse/RESTEASY-2519
- https://security.netapp.com/advisory/ntap-20210706-0008/
- https://github.com/advisories/GHSA-29qj-rvv6-qrmv
Blast Radius: 13.8
Affected Packages
maven:org.jboss.resteasy:resteasy-core
Dependent packages: 158
Dependent repositories: 357
Downloads:
Affected Version Ranges: >= 4.0.0, <= 4.5.2.Final; <= 3.11.0.Final
Fixed in: 4.5.3.Final, 3.11.1.Final
All affected versions:
All unaffected versions:
maven:org.jboss.resteasy:resteasy-bom
Dependent packages: 47
Dependent repositories: 326
Downloads:
Affected Version Ranges: >= 4.0.0, <= 4.5.2.Final; <= 3.11.0.Final
Fixed in: 4.5.3.Final, 3.11.1.Final
All affected versions:
All unaffected versions: