Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-20289 Vulnerability in maven package org.jboss.resteasy:resteasy-core

Description

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

https://www.oracle.com/security-alerts/cpuapr2022.html

Related Vulnerabilities

CVE-2023-40313 Vulnerability in maven package org.opennms:opennms-base-assembly

CVE-2022-25758 Vulnerability in maven package org.webjars.npm:scss-tokenizer

CVE-2020-2225 Vulnerability in maven package org.jenkins-ci.plugins:matrix-project

CVE-2021-3690 Vulnerability in maven package io.undertow:undertow-core

CVE-2018-25079 Vulnerability in npm package is-url

Severity

Medium

Classification

CWE-209 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Issue Tracking Third Party Advisory Patch