logo

Database

Reflected cross-site scripting (XSS) In org.jboss.resteasy:resteasy-bom

Description

Cross-Site Scripting A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version

Aliases

1. CVE-2021-202932. NVD-2021-202933. OSV-2021-202934. GCVE-2021-20293

References

1. https://bugzilla.redhat.com/show_bug.cgi?id=19428192. https://security.netapp.com/advisory/ntap-20210727-0005

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.