CVE-2021-20289
Description
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource methods parameter value. The highest threat from this vulnerability is to data confidentiality.
Risk Information
Base Score
5.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS Score
Exploitation Probability
0.088
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core 4.6.1 | Windows |
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core 4.5.10 | Windows |
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core 3.16.0 | Windows |
| Multiple Vulnerabilities are affected in Netapp Oncommand Insight 2.3 | Windows |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-tjws-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jaxrs-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-client-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-javadoc-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jaxrs-all-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jaxrs-api-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-resteasy-pom-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-atom-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jaxb-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-providers-pom-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jackson-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS-2024-2398) resteasy-base-jettison-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| RESTEasy -- Framework for RESTful Web services and Java applications (USN-7351-1) libresteasy-java_3.6.2-2ubuntu0.24.10.1_all.deb | Linux |
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core for Linux 4.6.1 | Linux |
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core for Linux 4.5.10 | Linux |
| Vulnerabilities CVE-2021-20289 are fixed in JBoss-resteasy-core for Linux 3.16.0 | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-atom-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-client-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jackson-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-javadoc-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jaxb-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jaxrs-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jaxrs-all-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jaxrs-api-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-jettison-provider-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-providers-pom-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-resteasy-pom-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| resteasy-base Security Update (ALAS2-2024-2398) resteasy-base-tjws-3.0.6-4.amzn2.0.1.noarch.rpm | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy-java_3.6.2-3ubuntu0.25.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-3ubuntu0.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.04.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.24.10.1_all.deb | Linux |
| A project that provides various frameworks to help you build RESTful Web Services and RESTful Java applications (USN-7630-1) USN-7630-1 libresteasy3.0-java_3.0.26-6ubuntu0.25.04.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234