Lucene search
RedhatCVELIST:CVE-2021-20289HistoryMar 26, 2021 - 4:28 p.m.
CVE-2021-20289
2021-03-2616:28:44
CWE-209
redhat
www.cve.org
8
resteasy
disclosure
endpointεη§°
method names
data confidentiality
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource methodβs parameter value. The highest threat from this vulnerability is to data confidentiality.
CNA Affected
[
{
"product": "resteasy",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
}
]
}
]Related
nessus
nessus
RHEL 8 : candlepin (Unpatched Vulnerability)
2024-06-03 00:00:00
Amazon Linux 2 : resteasy-base (ALAS-2024-2398)
2024-01-09 00:00:00
osv
osv
Exposure of class information in RESTEasy
2021-04-07 21:51:33
CVE-2021-20289
2021-03-26 17:15:13
cve
cve
CVE-2021-20289
2021-03-26 17:15:13
prion
prion
Design/Logic Flaw
2021-03-26 17:15:00
github
github
Exposure of class information in RESTEasy
2021-04-07 21:51:33
ubuntucve
ubuntucve
CVE-2021-20289
2021-03-26 00:00:00
redhatcve
redhatcve
CVE-2021-20289
2021-03-16 14:32:50
veracode
veracode
Information Disclosure
2021-03-29 06:24:54
nvd
nvd
CVE-2021-20289
2021-03-26 17:15:13
amazon
amazon
Medium: resteasy-base
2024-01-03 21:04:00
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00