Description

A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

Related Vulnerabilities

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-dbcp-service

CVE-2023-4853 Vulnerability in maven package io.quarkus:quarkus-undertow

CVE-2023-42268 Vulnerability in maven package org.jeecgframework.boot:jeecg-boot-base-core

CVE-2023-43502 Vulnerability in maven package com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer

CVE-2016-10531 Vulnerability in maven package org.webjars.npm:marked

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Vendor Advisory