Moderate severityNVD Advisory· Published Mar 26, 2021· Updated Aug 3, 2024

CVE-2021-20289

Description

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.jboss.resteasy:resteasy-coreMaven	>= 4.6.0, < 4.6.1	4.6.1
org.jboss.resteasy:resteasy-coreMaven	>= 4.0.0, < 4.5.10	4.5.10
org.jboss.resteasy:resteasy-coreMaven	>= 3.0.0, < 3.16.0	3.16.0

Affected products

RESTEasy/RESTEasydescription
ghsa-coords
pkg:maven/org.jboss.resteasy/resteasy-core
Range: >= 4.6.0, < 4.6.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/advisories/GHSA-244r-fcj3-ghjqghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2021-20289ghsaADVISORY
bugzilla.redhat.com/show_bug.cgighsax_refsource_MISCWEB
bugzilla.redhat.com/show_bug.cgighsaWEB
issues.redhat.com/browse/RESTEASY-2843ghsaWEB
security.netapp.com/advisory/ntap-20210528-0008ghsaWEB
www.oracle.com/security-alerts/cpuapr2022.htmlghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000