Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/237352?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/237352?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.5.4.Final", "type": "maven", "namespace": "org.jboss.resteasy", "name": "resteasy-core", "version": "4.5.4.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.7.8.Final", "latest_non_vulnerable_version": "6.2.3.Final", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34640?format=api", "vulnerability_id": "VCID-2thz-p7bw-7bdk", "summary": "Exposure of class information in RESTEasy\nA flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20289", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25244", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25264", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2534", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.2538", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25157", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25227", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25272", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00088", "scoring_system": "epss", "scoring_elements": "0.25287", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20289" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941544", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941544" }, { "reference_url": "https://issues.redhat.com/browse/RESTEASY-2843", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/RESTEASY-2843" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20289" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210528-0008", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210528-0008" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210528-0008/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210528-0008/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://github.com/advisories/GHSA-244r-fcj3-ghjq", "reference_id": "GHSA-244r-fcj3-ghjq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-244r-fcj3-ghjq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3700", "reference_id": "RHSA-2021:3700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3880", "reference_id": "RHSA-2021:3880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4100", "reference_id": "RHSA-2021:4100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4676", "reference_id": "RHSA-2021:4676", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4676" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4677", "reference_id": "RHSA-2021:4677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4677" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4679", "reference_id": "RHSA-2021:4679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5149", "reference_id": "RHSA-2021:5149", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5149" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5150", "reference_id": "RHSA-2021:5150", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5150" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5151", "reference_id": "RHSA-2021:5151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5154", "reference_id": "RHSA-2021:5154", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5154" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5170", "reference_id": "RHSA-2021:5170", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5170" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0146", "reference_id": "RHSA-2022:0146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0146" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0151", "reference_id": "RHSA-2022:0151", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0151" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0152", "reference_id": "RHSA-2022:0152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0155", "reference_id": "RHSA-2022:0155", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0164", "reference_id": "RHSA-2022:0164", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1179", "reference_id": "RHSA-2022:1179", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1179" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6407", "reference_id": "RHSA-2022:6407", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6407" }, { "reference_url": "https://usn.ubuntu.com/7351-1/", "reference_id": "USN-7351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7351-1/" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/237359?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.5.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-dww4-f31f-h7az" }, { "vulnerability": "VCID-etyq-9yys-tkdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.5.10.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/73815?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.5.10", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.5.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/73814?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/237377?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.7.0.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-etyq-9yys-tkdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.7.0.Final" } ], "aliases": [ "CVE-2021-20289", "GHSA-244r-fcj3-ghjq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2thz-p7bw-7bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13461?format=api", "vulnerability_id": "VCID-6265-k551-gyfv", "summary": "Uncontrolled Resource Consumption\nA vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14326.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14326.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65871", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65866", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65918", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65929", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65947", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00499", "scoring_system": "epss", "scoring_elements": "0.65934", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14326" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1855826" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://github.com/resteasy/Resteasy/pull/2471", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy/pull/2471" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210713-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210713-0001" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210713-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210713-0001/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14326", "reference_id": "CVE-2020-14326", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14326" }, { "reference_url": "https://github.com/advisories/GHSA-37g7-8vjj-pjpj", "reference_id": "GHSA-37g7-8vjj-pjpj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-37g7-8vjj-pjpj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3248", "reference_id": "RHSA-2020:3248", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3248" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5568", "reference_id": "RHSA-2020:5568", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5568" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4918", "reference_id": "RHSA-2021:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4918" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/237354?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.5.6.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-dww4-f31f-h7az" }, { "vulnerability": "VCID-etyq-9yys-tkdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.5.6.Final" } ], "aliases": [ "CVE-2020-14326", "GHSA-37g7-8vjj-pjpj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6265-k551-gyfv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45230?format=api", "vulnerability_id": "VCID-dww4-f31f-h7az", "summary": "A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20293.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20293.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20293", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60796", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60779", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60792", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60828", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60676", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.60807", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00402", "scoring_system": "epss", "scoring_elements": "0.6075", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20293" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1942819" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20293", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20293" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0005", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0005" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210727-0005/" }, { "reference_url": "https://github.com/advisories/GHSA-5h26-c766-g93v", "reference_id": "GHSA-5h26-c766-g93v", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5h26-c766-g93v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4100", "reference_id": "RHSA-2021:4100", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4100" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1029", "reference_id": "RHSA-2022:1029", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1029" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/237361?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1.Alpha1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2thz-p7bw-7bdk" }, { "vulnerability": "VCID-etyq-9yys-tkdf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1.Alpha1" }, { "url": "http://public2.vulnerablecode.io/api/packages/73814?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.6.1" } ], "aliases": [ "CVE-2021-20293", "GHSA-5h26-c766-g93v" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dww4-f31f-h7az" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16523?format=api", "vulnerability_id": "VCID-etyq-9yys-tkdf", "summary": "Insecure Temporary File in RESTEasy\nIn RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15498", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15563", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.156", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15633", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15578", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15492", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15625", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15693", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0482" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2166004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0482", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0482" }, { "reference_url": "https://github.com/orgs/resteasy/discussions/3415", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/orgs/resteasy/discussions/3415" }, { "reference_url": "https://github.com/orgs/resteasy/discussions/3504", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/orgs/resteasy/discussions/3504" }, { "reference_url": "https://github.com/orgs/resteasy/discussions/3506", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/orgs/resteasy/discussions/3506" }, { "reference_url": "https://github.com/resteasy/resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy" }, { "reference_url": "https://github.com/resteasy/Resteasy", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/Resteasy" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3409", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/3409" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T16:02:39Z/" } ], "url": "https://github.com/resteasy/resteasy/pull/3409/commits/807d7456f2137cde8ef7c316707211bf4e542d56" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3410", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/3410" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3412", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/3412" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3413", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/3413" }, { "reference_url": "https://github.com/resteasy/resteasy/pull/3423", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/pull/3423" }, { "reference_url": "https://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/resteasy/resteasy/security/advisories/GHSA-2c6g-pfx3-w7h8" }, { "reference_url": "https://issues.redhat.com/browse/RESTEASY-3286", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://issues.redhat.com/browse/RESTEASY-3286" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0001", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0001" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031728", "reference_id": "1031728", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031728" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031729", "reference_id": "1031729", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031729" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482", "reference_id": "CVE-2023-0482", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0482" }, { "reference_url": "https://github.com/advisories/GHSA-2c6g-pfx3-w7h8", "reference_id": "GHSA-2c6g-pfx3-w7h8", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2c6g-pfx3-w7h8" }, { "reference_url": "https://github.com/advisories/GHSA-jrmh-v64j-mjm9", "reference_id": "GHSA-jrmh-v64j-mjm9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-jrmh-v64j-mjm9" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230427-0001/", "reference_id": "ntap-20230427-0001", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-18T16:02:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230427-0001/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2705", "reference_id": "RHSA-2023:2705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2706", "reference_id": "RHSA-2023:2706", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2706" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2707", "reference_id": "RHSA-2023:2707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2710", "reference_id": "RHSA-2023:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2713", "reference_id": "RHSA-2023:2713", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2713" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3185", "reference_id": "RHSA-2023:3185", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3185" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4983", "reference_id": "RHSA-2023:4983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5165", "reference_id": "RHSA-2023:5165", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6305", "reference_id": "RHSA-2023:6305", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6305" }, { "reference_url": "https://usn.ubuntu.com/7351-1/", "reference_id": "USN-7351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7351-1/" }, { "reference_url": "https://usn.ubuntu.com/7630-1/", "reference_id": "USN-7630-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7630-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55997?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@4.7.8.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.7.8.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/55998?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@5.0.6.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@5.0.6.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/55999?format=api", "purl": "pkg:maven/org.jboss.resteasy/resteasy-core@6.2.3.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@6.2.3.Final" } ], "aliases": [ "CVE-2023-0482", "GHSA-2c6g-pfx3-w7h8", "GHSA-jrmh-v64j-mjm9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-etyq-9yys-tkdf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-core@4.5.4.Final" }