Moderate severityNVD Advisory· Published Sep 18, 2020· Updated Aug 4, 2024
CVE-2020-25633
CVE-2020-25633
Description
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jboss.resteasy:resteasy-clientMaven | >= 4.0.0, < 4.5.7.Final | 4.5.7.Final |
org.jboss.resteasy:resteasy-client-microprofileMaven | >= 4.0.0, < 4.5.7.Final | 4.5.7.Final |
org.jboss.resteasy:resteasy-clientMaven | < 3.14.0.Final | 3.14.0.Final |
org.jboss.resteasy:resteasy-client-microprofileMaven | < 3.14.0.Final | 3.14.0.Final |
Affected products
3- ghsa-coords2 versionspkg:maven/org.jboss.resteasy/resteasy-clientpkg:maven/org.jboss.resteasy/resteasy-client-microprofile
>= 4.0.0, < 4.5.7.Final+ 1 more
- (no CPE)range: >= 4.0.0, < 4.5.7.Final
- (no CPE)range: >= 4.0.0, < 4.5.7.Final
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-hr32-mgpm-qf2fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-25633ghsaADVISORY
- bugzilla.redhat.com/show_bug.cgighsax_refsource_CONFIRMWEB
- github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0ghsaWEB
- issues.redhat.com/browse/RESTEASY-2820ghsaWEB
News mentions
0No linked articles in our index yet.