GHSA-244r-fcj3-ghjq
Suggest an improvement- Source
- https://github.com/advisories/GHSA-244r-fcj3-ghjq
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-244r-fcj3-ghjq/GHSA-244r-fcj3-ghjq.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-244r-fcj3-ghjq
- Aliases
- Published
- 2021-04-07T21:51:33Z
- Modified
- 2024-02-17T05:35:12.446645Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Exposure of class information in RESTEasy
- Details
-
A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-20289
- https://bugzilla.redhat.com/show_bug.cgi?id=1935927
- https://bugzilla.redhat.com/show_bug.cgi?id=1941544
- https://issues.redhat.com/browse/RESTEASY-2843
- https://security.netapp.com/advisory/ntap-20210528-0008
- https://www.oracle.com/security-alerts/cpuapr2022.html
Affected packages
Maven / org.jboss.resteasy:resteasy-core
Package
- Name
- org.jboss.resteasy:resteasy-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-core
Maven / org.jboss.resteasy:resteasy-core
Package
- Name
- org.jboss.resteasy:resteasy-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-core
Maven / org.jboss.resteasy:resteasy-core
Package
- Name
- org.jboss.resteasy:resteasy-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-core