CVE-2021-20289 – org.jboss.resteasy:resteasy-core

Package

Manager: maven
Name: org.jboss.resteasy:resteasy-core
Vulnerable Version: >=4.6.0 <4.6.1 || >=4.0.0 <4.5.10 || >=3.0.0 <3.16.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00084 pctl0.25343

Details

Exposure of class information in RESTEasy A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Metadata

Created: 2021-04-07T21:51:33Z
Modified: 2022-04-22T15:49:36Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-244r-fcj3-ghjq/GHSA-244r-fcj3-ghjq.json
CWE IDs: ["CWE-209", "CWE-668"]
Alternative ID: GHSA-244r-fcj3-ghjq
Finding: F037
Auto approve: 1