CVE-2020-10688 – org.jboss.resteasy:resteasy-core

Package

Manager: maven
Name: org.jboss.resteasy:resteasy-core
Vulnerable Version: >=0 <3.11.1.final || >=4.0.0 <4.5.3.final

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00222 pctl0.44762

Details

Cross-site scripting in RESTEasy A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Metadata

Created: 2021-06-15T16:05:22Z
Modified: 2021-06-01T20:09:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-29qj-rvv6-qrmv/GHSA-29qj-rvv6-qrmv.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-29qj-rvv6-qrmv
Finding: F008
Auto approve: 1