Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.7.Final

Type maven

Namespace org.jboss.resteasy

Name resteasy-jaxrs

Version 2.3.7.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.14.0.Final

Latest_non_vulnerable_version 3.15.2.Final

Affected_by_vulnerabilities

url VCID-a7z7-bpv6-wuhj

vulnerability_id VCID-a7z7-bpv6-wuhj

summary

External entities expanded by DocumentProvider
`DocumentProvider` in this package does not configure the external-general-entities or external-parameter-entities features, which allows remote attackers to conduct XML external entity (XXE) attacks via unspecified vectors.

references

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0675.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0773.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0773.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0850.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0850.html

reference_url

http://rhn.redhat.com/errata/RHSA-2015-0851.html

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://rhn.redhat.com/errata/RHSA-2015-0851.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7839.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-7839.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-7839

reference_id

reference_type

scores

value	0.01262
scoring_system	epss
scoring_elements	0.79767
published_at	2026-06-04T12:55:00Z

value	0.01262
scoring_system	epss
scoring_elements	0.79792
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-7839

reference_url

https://github.com/resteasy/Resteasy

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy

reference_url

https://github.com/resteasy/resteasy/pull/611/commits/3ab999c899c455a0b0a00bf5e455ed3e8d9ae347

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/resteasy/pull/611/commits/3ab999c899c455a0b0a00bf5e455ed3e8d9ae347

reference_url

https://github.com/resteasy/resteasy/pull/611/commits/8b5d8cfc963794a74636d9a840e899408ec8fdc6

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/resteasy/pull/611/commits/8b5d8cfc963794a74636d9a840e899408ec8fdc6

reference_url

https://issues.jboss.org/browse/RESTEASY-1130

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/RESTEASY-1130

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-7839

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-7839

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1165328
reference_id	1165328
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1165328

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770544
reference_id	770544
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770544

reference_url	https://bugzilla.redhat.com/CVE-2014-7839
reference_id	CVE-2014-7839
reference_type
scores
url	https://bugzilla.redhat.com/CVE-2014-7839

reference_url	https://access.redhat.com/errata/RHSA-2015:0215
reference_id	RHSA-2015:0215
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0215

reference_url	https://access.redhat.com/errata/RHSA-2015:0216
reference_id	RHSA-2015:0216
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0216

reference_url	https://access.redhat.com/errata/RHSA-2015:0217
reference_id	RHSA-2015:0217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0217

reference_url	https://access.redhat.com/errata/RHSA-2015:0218
reference_id	RHSA-2015:0218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0218

reference_url	https://access.redhat.com/errata/RHSA-2015:0675
reference_id	RHSA-2015:0675
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0675

reference_url	https://access.redhat.com/errata/RHSA-2015:0773
reference_id	RHSA-2015:0773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0773

reference_url	https://access.redhat.com/errata/RHSA-2015:0850
reference_id	RHSA-2015:0850
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0850

reference_url	https://access.redhat.com/errata/RHSA-2015:0851
reference_id	RHSA-2015:0851
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0851

reference_url	https://access.redhat.com/errata/RHSA-2015:1009
reference_id	RHSA-2015:1009
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:1009

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.10.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.10.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

vulnerability	VCID-gxga-8ssu-aqbq

vulnerability	VCID-hajw-3aw9-tkff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.10.Final

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.10.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.10.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

vulnerability	VCID-gxga-8ssu-aqbq

vulnerability	VCID-hajw-3aw9-tkff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.10.Final

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.11.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.11.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

vulnerability	VCID-gxga-8ssu-aqbq

vulnerability	VCID-hajw-3aw9-tkff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.11.Final

aliases CVE-2014-7839, GHSA-pc54-pchm-xcw6

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7z7-bpv6-wuhj

url VCID-df6d-zkkc-nug5

vulnerability_id VCID-df6d-zkkc-nug5

summary

Information Exposure Through an Error Message
A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.2456
published_at	2026-06-05T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24458
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_url

https://issues.redhat.com/browse/RESTEASY-2843

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2843

reference_url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_id

CVE-2021-20289

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_url	https://access.redhat.com/errata/RHSA-2021:3700
reference_id	RHSA-2021:3700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3700

reference_url	https://access.redhat.com/errata/RHSA-2021:3880
reference_id	RHSA-2021:3880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3880

reference_url	https://access.redhat.com/errata/RHSA-2021:4100
reference_id	RHSA-2021:4100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4100

reference_url	https://access.redhat.com/errata/RHSA-2021:4676
reference_id	RHSA-2021:4676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4676

reference_url	https://access.redhat.com/errata/RHSA-2021:4677
reference_id	RHSA-2021:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4677

reference_url	https://access.redhat.com/errata/RHSA-2021:4679
reference_id	RHSA-2021:4679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4679

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5149
reference_id	RHSA-2021:5149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5149

reference_url	https://access.redhat.com/errata/RHSA-2021:5150
reference_id	RHSA-2021:5150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5150

reference_url	https://access.redhat.com/errata/RHSA-2021:5151
reference_id	RHSA-2021:5151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5151

reference_url	https://access.redhat.com/errata/RHSA-2021:5154
reference_id	RHSA-2021:5154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5154

reference_url	https://access.redhat.com/errata/RHSA-2021:5170
reference_id	RHSA-2021:5170
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5170

reference_url	https://access.redhat.com/errata/RHSA-2022:0146
reference_id	RHSA-2022:0146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0146

reference_url	https://access.redhat.com/errata/RHSA-2022:0151
reference_id	RHSA-2022:0151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0151

reference_url	https://access.redhat.com/errata/RHSA-2022:0152
reference_id	RHSA-2022:0152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0152

reference_url	https://access.redhat.com/errata/RHSA-2022:0155
reference_id	RHSA-2022:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0155

reference_url	https://access.redhat.com/errata/RHSA-2022:0164
reference_id	RHSA-2022:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0164

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fz1g-gucy-guhv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final

aliases CVE-2021-20289, GHSA-244r-fcj3-ghjq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df6d-zkkc-nug5

url VCID-fz1g-gucy-guhv

vulnerability_id VCID-fz1g-gucy-guhv

summary

Information Exposure Through an Error Message
A flaw was found in RESTEasy client. It may allow client users to obtain the server's potentially sensitive information when the server got `WebApplicationException` from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.4117
published_at	2026-06-05T12:55:00Z

value	0.00193
scoring_system	epss
scoring_elements	0.41095
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25633

reference_url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_url

https://issues.redhat.com/browse/RESTEASY-2820

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2820

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983
reference_id	1014983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042
reference_id	1879042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585
reference_id	970585
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_id

CVE-2020-25633

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_url	https://github.com/advisories/GHSA-hr32-mgpm-qf2f
reference_id	GHSA-hr32-mgpm-qf2f
reference_type
scores
url	https://github.com/advisories/GHSA-hr32-mgpm-qf2f

reference_url	https://access.redhat.com/errata/RHSA-2021:0246
reference_id	RHSA-2021:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0246

reference_url	https://access.redhat.com/errata/RHSA-2021:0247
reference_id	RHSA-2021:0247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0247

reference_url	https://access.redhat.com/errata/RHSA-2021:0248
reference_id	RHSA-2021:0248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0248

reference_url	https://access.redhat.com/errata/RHSA-2021:0250
reference_id	RHSA-2021:0250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0250

reference_url	https://access.redhat.com/errata/RHSA-2021:0295
reference_id	RHSA-2021:0295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0295

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

reference_url	https://access.redhat.com/errata/RHSA-2021:1004
reference_id	RHSA-2021:1004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1004

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

reference_url	https://access.redhat.com/errata/RHSA-2021:2858
reference_id	RHSA-2021:2858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2858

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final

aliases CVE-2020-25633, GHSA-hr32-mgpm-qf2f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz1g-gucy-guhv

url VCID-gxga-8ssu-aqbq

vulnerability_id VCID-gxga-8ssu-aqbq

summary

Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6347

reference_id

reference_type

scores

value	0.00093
scoring_system	epss
scoring_elements	0.26168
published_at	2026-06-05T12:55:00Z

value	0.00093
scoring_system	epss
scoring_elements	0.26066
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6347

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1372124

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1372124

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6347
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6347

reference_url

http://www.securityfocus.com/bid/92759

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92759

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
reference_id	837170
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6347

reference_id

CVE-2016-6347

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6347

reference_url	https://github.com/advisories/GHSA-r346-rmrg-qpgh
reference_id	GHSA-r346-rmrg-qpgh
reference_type
scores
url	https://github.com/advisories/GHSA-r346-rmrg-qpgh

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

vulnerability	VCID-hajw-3aw9-tkff

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

aliases CVE-2016-6347, GHSA-r346-rmrg-qpgh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxga-8ssu-aqbq

url VCID-hajw-3aw9-tkff

vulnerability_id VCID-hajw-3aw9-tkff

summary

Cross-site Scripting
A cross-site scripting (XSS) flaw was found in RESTEasy where it does not properly handle URL encoding when the `RESTEASY003870` exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10688

reference_id

reference_type

scores

value	0.00344
scoring_system	epss
scoring_elements	0.57285
published_at	2026-06-05T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57233
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10688

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688

reference_url

https://github.com/quarkusio/quarkus/issues/7248

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/issues/7248

reference_url

https://issues.redhat.com/browse/RESTEASY-2519

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2519

reference_url

https://security.netapp.com/advisory/ntap-20210706-0008

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210706-0008

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001
reference_id	1015001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328
reference_id	970328
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10688

reference_id

CVE-2020-10688

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10688

reference_url	https://github.com/advisories/GHSA-29qj-rvv6-qrmv
reference_id	GHSA-29qj-rvv6-qrmv
reference_type
scores
url	https://github.com/advisories/GHSA-29qj-rvv6-qrmv

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3

aliases CVE-2020-10688, GHSA-29qj-rvv6-qrmv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hajw-3aw9-tkff

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.7.Final

Package Instance