CVE-2020-10688

Summary

CVE	CVE-2020-10688
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-05-27 19:15:00 UTC
Updated	2022-05-13 20:47:00 UTC
Description	A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

Risk And Classification

Problem Types: CWE-79

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Operating System	Redhat	Enterprise Linux	7.0	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Redhat	Fuse	1.0	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	-	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	7.3	All	All	All
Application	Redhat	Jboss Enterprise Application Platform	7.4	All	All	All
Application	Redhat	Openshift Application Runtimes	-	All	All	All
Application	Redhat	Resteasy	All	All	All	All

References

Reference	Source	Link	Tags
Login server redirect	MISC	issues.redhat.com
XSS vulnerability in NotFoundExceptionMapper · Issue #7248 · quarkusio/quarkus · GitHub	MISC	github.com
CVE-2020-10688 RESTEasy Vulnerability in NetApp Products \| NetApp Product Security	CONFIRM	security.netapp.com
1814974 – (CVE-2020-10688) CVE-2020-10688 RESTEasy: RESTEASY003870 exception in RESTEasy can lead to a reflected XSS attack	MISC	bugzilla.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

982272 Java (maven) Security Update for org.jboss.resteasy:resteasy-core (GHSA-29qj-rvv6-qrmv)