CVE-2020-10688

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-10688
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10688.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10688
Aliases
Downstream
Published
2021-05-27T19:15:07.643Z
Modified
2026-04-02T02:08:58.749396Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

Affected packages

Git / github.com/libfuse/libfuse

Affected ranges

Type
GIT
Repo
https://github.com/libfuse/libfuse
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
ce63733284dd6519d2f4ca03c6aa8a6caa328379
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}
Type
GIT
Repo
https://github.com/resteasy/resteasy
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
bc148c497d96cd17cc89621634eff964c4ef1587
Introduced
0b0bf1e93dd5276d99f19e6fbcb1f7df14a5795f
Fixed
01f0c6f9e611badd7dd6d412ab339f98ae05e966
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.11.1"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.3"
        }
    ]
}

Affected versions

3.*
3.0-beta-1
3.0-beta-2
3.0-beta-3
3.0-beta-4
3.0-beta-5
3.0-beta-6
3.0-rc-1
3.0.0.Final
3.0.1.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.0.13.Final
3.0.14.Final
3.0.15.Final
3.0.16.Final
3.0.17.Final
3.0.18
3.0.19.Final
3.0.19.SP1
3.0.19.SP2
3.0.19.SP3
3.0.19.SP4
3.0.19.SP5
3.0.2
3.0.20.Final
3.0.21.Final
3.0.22.Final
3.0.23.Final
3.0.24.Final
3.0.25.Final
3.0.26.Final
3.0.4
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.1.0.Beta1
3.1.0.Beta2
3.1.0.CR1
3.1.0.CR2
3.1.0.CR3
3.1.0.Final
3.1.1.Final
3.1.2.Final
3.1.3.Final
3.1.4.Final
3.10.0.Final
3.11.0.Final
3.11.2.Final
3.11.3.Final
3.11.4.Final
3.11.5.Final
3.12.0.Final
3.12.1.Final
3.13.0.Final
3.13.1.Final
3.13.2.Final
3.14.0.Final
3.15.0.Alpha1
3.15.0.Final
3.15.1.Final
3.15.2.Final
3.15.3.Final
3.15.4.Final
3.15.5.Final
3.15.6.Final
3.15.7.Final
3.5.0.CR1
3.5.0.CR2
3.5.0.CR3
3.5.0.CR4
3.5.0.Final
3.5.1.Final
3.6.0.CR1
3.6.0.Final
3.6.1.Final
3.6.1.SP1
3.6.1.SP2
3.6.1.SP3
3.6.1.SP5
3.6.1.SP6
3.6.1.SP7
3.6.1.SP8
3.6.1.SP9
3.6.2.Final
3.6.3.Final
3.6.3.SP1
3.7.0.Final
3.8.0.Final
3.8.1.Final
3.9.0.Final
3.9.1.Final
3.9.2.Final
3.9.3.Final
3.9.3.SP1
4.*
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Beta4
4.0.0.Beta5
4.0.0.Beta6
4.0.0.Beta7
4.0.0.Beta8
4.0.0.CR1
4.0.0.CR2
4.0.0.CR3
4.0.0.Final
4.1.0.Final
4.1.1.Final
4.2.0.Final
4.3.0.Final
4.3.1.Final
4.4.0.CR1
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.4.3.Final
4.5.0.Final
4.5.1.Final
4.5.2.Final
4.6.0.Final
4.6.1.Beta1
4.6.1.Final
4.6.2.Final
4.7.0.Beta1
4.7.0.Final
4.7.1.Final
4.7.2.Final
4.7.3.Final
4.7.4.Final
4.7.5.Final
4.7.6.Final
4.7.7.Final
4.7.8.Final
4.7.9.Final
5.*
5.0.0.Alpha1
5.0.0.Beta1
5.0.0.Beta2
5.0.0.Beta3
5.0.0.Final
5.0.1.Final
5.0.2.Final
5.0.3.Final
5.0.4.Final
5.0.5.Final
5.0.6.Final
5.0.7.Final
5.0.8.Final
5.0.9.Final
6.*
6.0.0.Beta1
6.0.0.Final
6.0.1.Final
6.0.3.Final
6.1.0.Alpha1
6.1.0.Beta1
6.1.0.Beta2
6.1.0.Beta3
6.1.0.Final
6.2.0.Beta1
6.2.0.Final
6.2.1.Final
6.2.10.Final
6.2.11.Final
6.2.2.Final
6.2.3.Final
6.2.4.Final
6.2.5.Final
6.2.6.Final
6.2.7.Final
6.2.8.Final
6.2.9.Final
7.*
7.0.0.Alpha1
7.0.0.Alpha2
7.0.0.Alpha3
7.0.0.Alpha4
Other
RESTEASY_JAXRS_2_1_BETA_1
debian_version_0_95-1
debian_version_1_0-1
fuse_0_9
fuse_0_95
jsr-370-21-Apr-2017
start
v4.*
v4.7.10.Final
v5.*
v5.0.10.Final
v6.*
v6.2.12.Final
v6.2.13.Final
v6.2.14.Beta1
v6.2.14.Final
v6.2.15.Final
v7.*
v7.0.0.Beta1
v7.0.0.Beta2
v7.0.0.Beta3
v7.0.0.Beta4
v7.0.0.Beta5
v7.0.0.Final
v7.0.1.Final

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10688.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    }
]