CVE-2021-20289
Last modified
CVE-2021-20289 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Redhat | Resteasy | <= 4.6.0 |
| Netapp | Oncommand Insight | All versions |
| Quarkus | Quarkus | < 1.13.4 |
| Oracle | Communications Cloud Native Core Console | 1.9.0 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1935927Issue Tracking, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1935927Issue Tracking, Third Party Advisory
- https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-20289?
How severe is CVE-2021-20289?
How do I fix CVE-2021-20289?
Are you affected by CVE-2021-20289?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST