Description
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=1935927
https://www.oracle.com/security-alerts/cpuapr2022.html
Related Vulnerabilities
CVE-2023-22457 Vulnerability in maven package org.xwiki.contrib:application-ckeditor-ui
CVE-2019-1003093 Vulnerability in maven package org.jenkins-ci.plugins:nomad
CVE-2016-10735 Vulnerability in maven package org.jszip.redist:bootstrap
CVE-2023-44483 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2017-20162 Vulnerability in maven package org.webjars.npm:ms