A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1942819 | Issue Tracking Vendor Advisory |
https://security.netapp.com/advisory/ntap-20210727-0005/ | Third Party Advisory |
Configurations
History
20 Sep 2021, 13:49
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CPE | cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:* |
21 Jun 2021, 17:47
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 4.3
v3 : 6.1 |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1942819 - Issue Tracking, Vendor Advisory | |
CPE | cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* | |
CWE | CWE-79 |
10 Jun 2021, 12:32
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-06-10 12:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-20293
Mitre link : CVE-2021-20293
CVE.ORG link : CVE-2021-20293
JSON object : View
Products Affected
netapp
- oncommand_insight
redhat
- resteasy
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')