GHSA-29qj-rvv6-qrmv

Source

https://github.com/advisories/GHSA-29qj-rvv6-qrmv

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-29qj-rvv6-qrmv/GHSA-29qj-rvv6-qrmv.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-29qj-rvv6-qrmv

Aliases

CVE-2020-10688

Published

2021-06-15T16:05:22Z

Modified

2024-02-17T05:28:57.426480Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N CVSS Calculator

Summary

Cross-site scripting in RESTEasy

Details

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

Affected packages

Maven / org.jboss.resteasy:resteasy-bom

Package

Name: org.jboss.resteasy:resteasy-bom; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.1.Final

Affected versions

1.*

1.2.GA

1.2.1.GA

2.*

2.0-beta-1

2.0-beta-2

2.0-beta-3

2.0-beta-4

2.0-RC1

2.0.0.GA

2.0.1.GA

2.1-beta-1

2.1.0.GA

2.2-beta-1

2.2-RC-1

2.2.0.GA

2.2.1.GA

2.2.2.GA

2.2.3.GA

2.3-beta-1

2.3-RC1

2.3.0.GA

2.3.1.GA

2.3.2.Final

2.3.3.Final

2.3.4.Final

2.3.5.Final

2.3.6.Final

2.3.7.Final

2.3.10.Final

3.*

3.0-beta-1

3.0-beta-2

3.0-beta-3

3.0-beta-4

3.0-beta-5

3.0-beta-6

3.0-rc-1

3.0.0.Final

3.0.1.Final

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.17.Final

3.0.18.Final

3.0.19.Final

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.26.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.Final

3.1.1.Final

3.1.2.Final

3.1.3.Final

3.1.4.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.SP1

3.6.1.SP2

3.6.1.SP3

3.6.1.SP5

3.6.1.SP6

3.6.1.SP7

3.6.1.SP8

3.6.1.Final

3.6.2.Final

3.6.3.SP1

3.6.3.Final

3.7.0.Final

3.8.0.Final

3.8.1.Final

3.9.0.Final

3.9.1.Final

3.9.2.Final

3.9.3.SP1

3.9.3.Final

3.10.0.Final

3.11.0.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.11.0.Final"
}

Maven / org.jboss.resteasy:resteasy-bom

Package

Name: org.jboss.resteasy:resteasy-bom; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-bom

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.5.3.Final

Affected versions

4.*

4.0.0.Final

4.1.0.Final

4.1.1.Final

4.2.0.Final

4.3.0.Final

4.3.1.Final

4.4.0.CR1

4.4.0.Final

4.4.1.Final

4.4.2.Final

4.4.3.Final

4.5.0.Final

4.5.1.Final

4.5.2.Final

Database specific

{
    "last_known_affected_version_range": "<= 4.5.2.Final"
}

Maven / org.jboss.resteasy:resteasy-core

Package

Name: org.jboss.resteasy:resteasy-core; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.1.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.11.0.Final"
}

Maven / org.jboss.resteasy:resteasy-core

Package

Name: org.jboss.resteasy:resteasy-core; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.resteasy/resteasy-core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.5.3.Final

Affected versions

4.*

4.0.0.Final

4.1.0.Final

4.1.1.Final

4.2.0.Final

4.3.0.Final

4.3.1.Final

4.4.0.CR1

4.4.0.Final

4.4.1.Final

4.4.2.Final

4.4.3.Final

4.5.0.Final

4.5.1.Final

4.5.2.Final

Database specific

{
    "last_known_affected_version_range": "<= 4.5.2.Final"
}