Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.2.Final

Type maven

Namespace org.jboss.resteasy

Name resteasy-jaxrs

Version 2.3.2.Final

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.25.Final

Latest_non_vulnerable_version 4.7.0.Final

Affected_by_vulnerabilities

url VCID-df6d-zkkc-nug5

vulnerability_id VCID-df6d-zkkc-nug5

summary

Information Exposure Through an Error Message
A flaw was found in RESTEasy where the endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24458
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_url

https://issues.redhat.com/browse/RESTEASY-2843

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2843

reference_url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_id

CVE-2021-20289

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_url	https://access.redhat.com/errata/RHSA-2021:3700
reference_id	RHSA-2021:3700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3700

reference_url	https://access.redhat.com/errata/RHSA-2021:3880
reference_id	RHSA-2021:3880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3880

reference_url	https://access.redhat.com/errata/RHSA-2021:4100
reference_id	RHSA-2021:4100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4100

reference_url	https://access.redhat.com/errata/RHSA-2021:4676
reference_id	RHSA-2021:4676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4676

reference_url	https://access.redhat.com/errata/RHSA-2021:4677
reference_id	RHSA-2021:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4677

reference_url	https://access.redhat.com/errata/RHSA-2021:4679
reference_id	RHSA-2021:4679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4679

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5149
reference_id	RHSA-2021:5149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5149

reference_url	https://access.redhat.com/errata/RHSA-2021:5150
reference_id	RHSA-2021:5150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5150

reference_url	https://access.redhat.com/errata/RHSA-2021:5151
reference_id	RHSA-2021:5151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5151

reference_url	https://access.redhat.com/errata/RHSA-2021:5154
reference_id	RHSA-2021:5154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5154

reference_url	https://access.redhat.com/errata/RHSA-2021:5170
reference_id	RHSA-2021:5170
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5170

reference_url	https://access.redhat.com/errata/RHSA-2022:0146
reference_id	RHSA-2022:0146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0146

reference_url	https://access.redhat.com/errata/RHSA-2022:0151
reference_id	RHSA-2022:0151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0151

reference_url	https://access.redhat.com/errata/RHSA-2022:0152
reference_id	RHSA-2022:0152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0152

reference_url	https://access.redhat.com/errata/RHSA-2022:0155
reference_id	RHSA-2022:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0155

reference_url	https://access.redhat.com/errata/RHSA-2022:0164
reference_id	RHSA-2022:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0164

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fz1g-gucy-guhv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final

aliases CVE-2021-20289, GHSA-244r-fcj3-ghjq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-df6d-zkkc-nug5

url VCID-fz1g-gucy-guhv

vulnerability_id VCID-fz1g-gucy-guhv

summary

Information Exposure Through an Error Message
A flaw was found in RESTEasy client. It may allow client users to obtain the server's potentially sensitive information when the server got `WebApplicationException` from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41095
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_url

https://issues.redhat.com/browse/RESTEASY-2820

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2820

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983
reference_id	1014983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042
reference_id	1879042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585
reference_id	970585
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_id

CVE-2020-25633

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_url	https://github.com/advisories/GHSA-hr32-mgpm-qf2f
reference_id	GHSA-hr32-mgpm-qf2f
reference_type
scores
url	https://github.com/advisories/GHSA-hr32-mgpm-qf2f

reference_url	https://access.redhat.com/errata/RHSA-2021:0246
reference_id	RHSA-2021:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0246

reference_url	https://access.redhat.com/errata/RHSA-2021:0247
reference_id	RHSA-2021:0247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0247

reference_url	https://access.redhat.com/errata/RHSA-2021:0248
reference_id	RHSA-2021:0248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0248

reference_url	https://access.redhat.com/errata/RHSA-2021:0250
reference_id	RHSA-2021:0250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0250

reference_url	https://access.redhat.com/errata/RHSA-2021:0295
reference_id	RHSA-2021:0295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0295

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

reference_url	https://access.redhat.com/errata/RHSA-2021:1004
reference_id	RHSA-2021:1004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1004

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

reference_url	https://access.redhat.com/errata/RHSA-2021:2858
reference_id	RHSA-2021:2858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2858

reference_url	https://access.redhat.com/errata/RHSA-2021:3140
reference_id	RHSA-2021:3140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3140

fixed_packages

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final

aliases CVE-2020-25633, GHSA-hr32-mgpm-qf2f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fz1g-gucy-guhv

url VCID-gxga-8ssu-aqbq

vulnerability_id VCID-gxga-8ssu-aqbq

summary

Cross-site Scripting
Cross-site scripting (XSS) vulnerability in the default exception handler in RESTEasy allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6347.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-6347

reference_id

reference_type

scores

value	0.00093
scoring_system	epss
scoring_elements	0.26066
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-6347

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1372124

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1372124

reference_url

http://www.securityfocus.com/bid/92759

reference_id

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/92759

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170
reference_id	837170
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837170

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-6347

reference_id

CVE-2016-6347

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-6347

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-df6d-zkkc-nug5

vulnerability	VCID-fz1g-gucy-guhv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.1.0.Final

aliases CVE-2016-6347, GHSA-r346-rmrg-qpgh

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gxga-8ssu-aqbq

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@2.3.2.Final

Package Instance