CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

Affected packages

Git / github.com/quarkusio/quarkus

Affected ranges

Type

GIT

Repo

https://github.com/quarkusio/quarkus

Events

Introduced

Last affected

20bcdc130907e26c1382206de4301d3b7f4e8c55

Introduced

Fixed

db39c2ccaef51388cd776acd86da300afff8b324

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "3.11.1"
        }
    ]
}

Type

GIT

Repo

https://github.com/resteasy/resteasy

Events

Introduced

0b0bf1e93dd5276d99f19e6fbcb1f7df14a5795f

Fixed

01f0c6f9e611badd7dd6d412ab339f98ae05e966

Database specific

{
    "versions": [
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.3"
        }
    ]
}

Affected versions

4.*

4.5.0.Final

4.5.1.Final

4.5.2.Final

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10688.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    }
]