CVE-2020-10688
N/A
N/A
Summary
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | RESTEasy | resteasy 3.11.1.Final, resteasy 4.5.3.Final | affected |
Weaknesses
- CWE-79: CWE-79
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=1814974
- https://github.com/quarkusio/quarkus/issues/7248
- https://issues.redhat.com/browse/RESTEASY-2519
- https://security.netapp.com/advisory/ntap-20210706-0008/
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1814974
- https://github.com/quarkusio/quarkus/issues/7248
- https://issues.redhat.com/browse/RESTEASY-2519
- https://security.netapp.com/advisory/ntap-20210706-0008/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.