UBUNTU-CVE-2021-20289

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2021-20289
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-20289.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-20289
Upstream
Downstream
Related
Published
2021-03-26T17:15:00Z
Modified
2025-07-16T16:53:08Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
  • Ubuntu - low
Summary
[none]
Details

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

References

Affected packages

Ubuntu:Pro:16.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.0.6-3ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.6-3ubuntu0.1~esm1

Affected versions

3.*

3.0.6-3

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy-java",
            "binary_version": "3.0.6-3ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / resteasy3.0

Package

Name
resteasy3.0
Purl
pkg:deb/ubuntu/resteasy3.0@3.0.26-1~18.04.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-1~18.04.1~esm1

Affected versions

3.*

3.0.19-1
3.0.19-2
3.0.26-1~18.04

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy3.0-java",
            "binary_version": "3.0.26-1~18.04.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.20.04.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.2-2ubuntu0.20.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy-java",
            "binary_version": "3.6.2-2ubuntu0.20.04.1~esm1"
        }
    ]
}

Ubuntu:Pro:20.04:LTS / resteasy3.0

Package

Name
resteasy3.0
Purl
pkg:deb/ubuntu/resteasy3.0@3.0.26-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-1ubuntu0.1~esm1

Affected versions

3.*

3.0.26-1

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy3.0-java",
            "binary_version": "3.0.26-1ubuntu0.1~esm1"
        }
    ]
}

Ubuntu:22.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-2?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2-2

Ubuntu:22.04:LTS / resteasy3.0

Package

Name
resteasy3.0
Purl
pkg:deb/ubuntu/resteasy3.0@3.0.26-3ubuntu0.1?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-3ubuntu0.1

Affected versions

3.*

3.0.26-2
3.0.26-3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libresteasy3.0-java",
            "binary_version": "3.0.26-3ubuntu0.1"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.22.04.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.2-2ubuntu0.22.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy-java",
            "binary_version": "3.6.2-2ubuntu0.22.04.1~esm1"
        }
    ]
}

Ubuntu:24.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-2?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.6.2-2

Ubuntu:24.04:LTS / resteasy3.0

Package

Name
resteasy3.0
Purl
pkg:deb/ubuntu/resteasy3.0@3.0.26-6ubuntu0.24.04.1?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-6ubuntu0.24.04.1

Affected versions

3.*

3.0.26-6

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libresteasy3.0-java",
            "binary_version": "3.0.26-6ubuntu0.24.04.1"
        }
    ]
}

Ubuntu:Pro:24.04:LTS / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-2ubuntu0.24.04.1~esm1?arch=source&distro=esm-apps/noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.2-2ubuntu0.24.04.1~esm1

Affected versions

3.*

3.6.2-2

Ecosystem specific 

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_name": "libresteasy-java",
            "binary_version": "3.6.2-2ubuntu0.24.04.1~esm1"
        }
    ]
}

Ubuntu:25.04 / resteasy

Package

Name
resteasy
Purl
pkg:deb/ubuntu/resteasy@3.6.2-3ubuntu0.25.04.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.6.2-3ubuntu0.25.04.1

Affected versions

3.*

3.6.2-2
3.6.2-3

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libresteasy-java",
            "binary_version": "3.6.2-3ubuntu0.25.04.1"
        }
    ]
}

Ubuntu:25.04 / resteasy3.0

Package

Name
resteasy3.0
Purl
pkg:deb/ubuntu/resteasy3.0@3.0.26-6ubuntu0.25.04.1?arch=source&distro=plucky

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.0.26-6ubuntu0.25.04.1

Affected versions

3.*

3.0.26-6

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "libresteasy3.0-java",
            "binary_version": "3.0.26-6ubuntu0.25.04.1"
        }
    ]
}