CVE-2020-10688

MEDIUM5.4EPSS 0.34%

Cross-site scripting in RESTEasy

發布日:2021/6/15修改日:2024/2/17

也稱為:GHSA-29qj-rvv6-qrmvDEBIAN-CVE-2020-10688

描述

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

受影響套件(3)

Debian/resteasy3.0from 0
Maven/org.jboss.resteasy:resteasy-bomfrom 0, < 3.11.1.Final
Maven/org.jboss.resteasy:resteasy-corefrom 0, < 3.11.1.Final

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

參考連結(6)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2020-10688
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-10688
WEBhttps://bugzilla.redhat.com/show_bug.cgi?id=1814974
WEBhttps://github.com/quarkusio/quarkus/issues/7248
WEBhttps://issues.redhat.com/browse/RESTEASY-2519
WEBhttps://security.netapp.com/advisory/ntap-20210706-0008