GHSA-5h26-c766-g93v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5h26-c766-g93v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-5h26-c766-g93v/GHSA-5h26-c766-g93v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5h26-c766-g93v
- Aliases
- Published
- 2021-06-15T15:59:27Z
- Modified
- 2024-02-17T05:36:30.211027Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Cross-Site Scripting
- Details
-
A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.
- Database specific
{ "github_reviewed_at": "2021-06-14T19:27:56Z", "cwe_ids": [ "CWE-79" ], "nvd_published_at": "2021-06-10T12:15:00Z", "severity": "HIGH", "github_reviewed": true }- References
Affected packages
Maven / org.jboss.resteasy:resteasy-bom
Package
- Name
- org.jboss.resteasy:resteasy-bom
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-bom
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.6.0.Final
Affected versions
1.*
1.2.GA
1.2.1.GA
2.*
2.0-beta-1
2.0-beta-2
2.0-beta-3
2.0-beta-4
2.0-RC1
2.0.0.GA
2.0.1.GA
2.1-beta-1
2.1.0.GA
2.2-beta-1
2.2-RC-1
2.2.0.GA
2.2.1.GA
2.2.2.GA
2.2.3.GA
2.3-beta-1
2.3-RC1
2.3.0.GA
2.3.1.GA
2.3.2.Final
2.3.3.Final
2.3.4.Final
2.3.5.Final
2.3.6.Final
2.3.7.Final
2.3.10.Final
3.*
3.0-beta-1
3.0-beta-2
3.0-beta-3
3.0-beta-4
3.0-beta-5
3.0-beta-6
3.0-rc-1
3.0.0.Final
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.0.13.Final
3.0.14.Final
3.0.15.Final
3.0.16.Final
3.0.17.Final
3.0.18.Final
3.0.19.Final
3.0.20.Final
3.0.21.Final
3.0.22.Final
3.0.23.Final
3.0.24.Final
3.0.26.Final
3.1.0.Beta1
3.1.0.Beta2
3.1.0.CR1
3.1.0.CR2
3.1.0.CR3
3.1.0.Final
3.1.1.Final
3.1.2.Final
3.1.3.Final
3.1.4.Final
3.5.0.CR1
3.5.0.CR2
3.5.0.CR3
3.5.0.CR4
3.5.0.Final
3.5.1.Final
3.6.0.CR1
3.6.0.Final
3.6.1.SP1
3.6.1.SP2
3.6.1.SP3
3.6.1.SP5
3.6.1.SP6
3.6.1.SP7
3.6.1.SP8
3.6.1.Final
3.6.2.Final
3.6.3.SP1
3.6.3.Final
3.7.0.Final
3.8.0.Final
3.8.1.Final
3.9.0.Final
3.9.1.Final
3.9.2.Final
3.9.3.SP1
3.9.3.Final
3.10.0.Final
3.11.0.Final
3.11.1.Final
3.11.2.Final
3.11.3.Final
3.11.4.Final
3.11.5.Final
3.12.0.Final
3.12.1.Final
3.13.0.Final
3.13.1.Final
3.13.2.Final
3.14.0.Final
3.15.0.Alpha1
3.15.0.Final
3.15.1.Final
3.15.2.Final
3.15.3.Final
3.15.6.Final
4.*
4.0.0.Beta1
4.0.0.Beta2
4.0.0.Beta3
4.0.0.Beta4
4.0.0.Beta5
4.0.0.Beta6
4.0.0.Beta7
4.0.0.Beta8
4.0.0.CR1
4.0.0.CR2
4.0.0.CR3
4.0.0.Final
4.1.0.Final
4.1.1.Final
4.2.0.Final
4.3.0.Final
4.3.1.Final
4.4.0.CR1
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.4.3.Final
4.5.0.Final
4.5.1.Final
4.5.2.Final
4.5.3.Final
4.5.4.Final
4.5.5.Final
4.5.6.Final
4.5.7.Final
4.5.8.SP1
4.5.8.Final
4.5.9.Final
4.5.10.Final
4.5.11.Final
4.5.12.Beta1
4.5.12.Final
4.6.0.Final
Maven / org.jboss.resteasy:resteasy-core
Package
- Name
- org.jboss.resteasy:resteasy-core
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected4.6.0.Final
Affected versions
4.*
4.0.0.Beta6
4.0.0.Beta7
4.0.0.Beta8
4.0.0.CR1
4.0.0.CR2
4.0.0.CR3
4.0.0.Final
4.1.0.Final
4.1.1.Final
4.2.0.Final
4.3.0.Final
4.3.1.Final
4.4.0.CR1
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.4.3.Final
4.5.0.Final
4.5.1.Final
4.5.2.Final
4.5.3.Final
4.5.4.Final
4.5.5.Final
4.5.6.Final
4.5.7.Final
4.5.8.SP1
4.5.8.Final
4.5.9.Final
4.5.10.Final
4.5.11.Final
4.5.12.Beta1
4.5.12.Final
4.6.0.Final