
Cross-Site Scripting

High severity GitHub Reviewed Published Jun 15, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package                                    Affected versions   Patched versions

org.jboss.resteasy:resteasy-bom (Maven)    <= 4.6.0.Final      None
org.jboss.resteasy:resteasy-core (Maven)   <= 4.6.0.Final      None

Description

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions up to and including 4.6.0.Final. RESTEasy did not properly handle URL encoding when a resource method took a @javax.ws.rs.PathParam value and declared no @javax.ws.rs.Produces media type, so an attacker-controlled path segment could be reflected into the response without a fixed Content-Type and without escaping. An attacker who can get a victim to open a crafted URL can use this to execute script in the victim's browser in the context of the application. The highest threat from this vulnerability is to data confidentiality and integrity.
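The following JAX-RS resource is an added illustration of the pattern the advisory describes; it is not code from RESTEasy or from the advisory. The class, path and method names are hypothetical. The first method shows the shape that is exposed on RESTEasy <= 4.6.0.Final (a @PathParam value echoed back with no @Produces), and the second shows the hardening an application can apply regardless of the framework version: declare the media type explicitly, escape the reflected value, and tell the browser not to sniff the content type.

```java
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

// Hypothetical resource used to illustrate CVE-2021-20293; not RESTEasy's own code.
@Path("/greet")
public class GreetResource {

    // Exposed shape: the path parameter is written into the response body and
    // no @Produces is declared, so the Content-Type of the reply is left to the
    // framework and a request such as
    //   GET /greet/unsafe/%3Cscript%3Ealert(1)%3C%2Fscript%3E
    // can be rendered as HTML by the client on affected RESTEasy versions.
    @GET
    @Path("/unsafe/{name}")
    public String unsafe(@PathParam("name") String name) {
        return "Hello " + name;
    }

    // Hardened shape: a fixed text/plain media type, HTML-escaped reflection,
    // and X-Content-Type-Options so the browser never sniffs the body as HTML.
    @GET
    @Path("/safe/{name}")
    @Produces(MediaType.TEXT_PLAIN)
    public Response safe(@PathParam("name") String name) {
        return Response.ok("Hello " + escapeHtml(name))
                .header("X-Content-Type-Options", "nosniff")
                .build();
    }

    // Minimal HTML escaping of the characters that can break out of text context.
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '&':  sb.append("&amp;");  break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#x27;"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }
}
```

A quick check against a deployed application is to request the endpoint with a path segment containing an encoded `<script>` tag and inspect the reply: if the response carries no explicit Content-Type (or `text/html`) and the body contains the tag unescaped, the endpoint is reflecting the path parameter in the way the advisory describes.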

References

Published by the National Vulnerability Database Jun 10, 2021
Reviewed Jun 14, 2021
Published to the GitHub Advisory Database Jun 15, 2021
Last updated Feb 1, 2023

Severity

High

EPSS score

0.084%
(37th percentile)

Weaknesses

CVE ID

CVE-2021-20293

GHSA ID

GHSA-5h26-c766-g93v

Source code

No known source code