Description

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-34616 Vulnerability in maven package com.progsbase.libraries:json

CVE-2020-28471 Vulnerability in npm package properties-reader

CVE-2020-7625 Vulnerability in npm package op-browser

CVE-2017-2638 Vulnerability in maven package org.infinispan:infinispan-compatibility-mode-it

CVE-2021-23597 Vulnerability in npm package fastify-multipart

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Patch