Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.5.0.CR1

Type maven

Namespace org.jboss.resteasy

Name resteasy-jaxrs

Version 3.5.0.CR1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.14.0.Final

Latest_non_vulnerable_version 3.15.2.Final

Affected_by_vulnerabilities

url VCID-2thz-p7bw-7bdk

vulnerability_id VCID-2thz-p7bw-7bdk

summary

Exposure of class information in RESTEasy
A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24432
published_at	2026-04-21T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25264
published_at	2026-04-01T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2534
published_at	2026-04-02T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2538
published_at	2026-04-04T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25157
published_at	2026-04-07T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25227
published_at	2026-04-08T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25272
published_at	2026-04-09T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25287
published_at	2026-04-11T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25244
published_at	2026-04-12T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.25191
published_at	2026-04-13T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.252
published_at	2026-04-16T12:55:00Z

value	0.00088
scoring_system	epss
scoring_elements	0.2519
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-20289

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1935927

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1941544

reference_url

https://issues.redhat.com/browse/RESTEASY-2843

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2843

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-20289

reference_url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210528-0008

reference_url	https://security.netapp.com/advisory/ntap-20210528-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210528-0008/

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://github.com/advisories/GHSA-244r-fcj3-ghjq

reference_id

GHSA-244r-fcj3-ghjq

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-244r-fcj3-ghjq

reference_url	https://access.redhat.com/errata/RHSA-2021:3700
reference_id	RHSA-2021:3700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3700

reference_url	https://access.redhat.com/errata/RHSA-2021:3880
reference_id	RHSA-2021:3880
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:3880

reference_url	https://access.redhat.com/errata/RHSA-2021:4100
reference_id	RHSA-2021:4100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4100

reference_url	https://access.redhat.com/errata/RHSA-2021:4676
reference_id	RHSA-2021:4676
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4676

reference_url	https://access.redhat.com/errata/RHSA-2021:4677
reference_id	RHSA-2021:4677
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4677

reference_url	https://access.redhat.com/errata/RHSA-2021:4679
reference_id	RHSA-2021:4679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4679

reference_url	https://access.redhat.com/errata/RHSA-2021:4767
reference_id	RHSA-2021:4767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4767

reference_url	https://access.redhat.com/errata/RHSA-2021:5149
reference_id	RHSA-2021:5149
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5149

reference_url	https://access.redhat.com/errata/RHSA-2021:5150
reference_id	RHSA-2021:5150
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5150

reference_url	https://access.redhat.com/errata/RHSA-2021:5151
reference_id	RHSA-2021:5151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5151

reference_url	https://access.redhat.com/errata/RHSA-2021:5154
reference_id	RHSA-2021:5154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5154

reference_url	https://access.redhat.com/errata/RHSA-2021:5170
reference_id	RHSA-2021:5170
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:5170

reference_url	https://access.redhat.com/errata/RHSA-2022:0146
reference_id	RHSA-2022:0146
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0146

reference_url	https://access.redhat.com/errata/RHSA-2022:0151
reference_id	RHSA-2022:0151
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0151

reference_url	https://access.redhat.com/errata/RHSA-2022:0152
reference_id	RHSA-2022:0152
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0152

reference_url	https://access.redhat.com/errata/RHSA-2022:0155
reference_id	RHSA-2022:0155
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0155

reference_url	https://access.redhat.com/errata/RHSA-2022:0164
reference_id	RHSA-2022:0164
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:0164

reference_url	https://access.redhat.com/errata/RHSA-2022:1179
reference_id	RHSA-2022:1179
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:1179

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-54ek-p545-k3fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.5.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.2.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.10.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.7.0.Final

aliases CVE-2021-20289, GHSA-244r-fcj3-ghjq

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2thz-p7bw-7bdk

url VCID-54ek-p545-k3fj

vulnerability_id VCID-54ek-p545-k3fj

summary

Generation of Error Message Containing Sensitive Information in RESTEasy client
A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. The highest threat from this vulnerability is to data confidentiality.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25633.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_id

reference_type

scores

value	0.00193
scoring_system	epss
scoring_elements	0.41236
published_at	2026-04-21T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45533
published_at	2026-04-02T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45555
published_at	2026-04-04T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45502
published_at	2026-04-07T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45556
published_at	2026-04-08T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45557
published_at	2026-04-09T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45578
published_at	2026-04-11T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45548
published_at	2026-04-12T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45554
published_at	2026-04-13T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45602
published_at	2026-04-16T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45598
published_at	2026-04-18T12:55:00Z

value	0.00228
scoring_system	epss
scoring_elements	0.45458
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25633

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25633

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25633
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25633

reference_url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy/pull/2665/commits/13c808b5967242eec1e877edbc0014a84dcd6eb0

reference_url

https://issues.redhat.com/browse/RESTEASY-2820

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2820

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-25633

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983
reference_id	1014983
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042
reference_id	1879042
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1879042

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585
reference_id	970585
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970585

reference_url

https://github.com/advisories/GHSA-hr32-mgpm-qf2f

reference_id

GHSA-hr32-mgpm-qf2f

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hr32-mgpm-qf2f

reference_url	https://access.redhat.com/errata/RHSA-2021:0246
reference_id	RHSA-2021:0246
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0246

reference_url	https://access.redhat.com/errata/RHSA-2021:0247
reference_id	RHSA-2021:0247
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0247

reference_url	https://access.redhat.com/errata/RHSA-2021:0248
reference_id	RHSA-2021:0248
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0248

reference_url	https://access.redhat.com/errata/RHSA-2021:0250
reference_id	RHSA-2021:0250
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0250

reference_url	https://access.redhat.com/errata/RHSA-2021:0295
reference_id	RHSA-2021:0295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0295

reference_url	https://access.redhat.com/errata/RHSA-2021:0327
reference_id	RHSA-2021:0327
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0327

reference_url	https://access.redhat.com/errata/RHSA-2021:1004
reference_id	RHSA-2021:1004
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1004

reference_url	https://access.redhat.com/errata/RHSA-2021:1313
reference_id	RHSA-2021:1313
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1313

reference_url	https://access.redhat.com/errata/RHSA-2021:2858
reference_id	RHSA-2021:2858
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2858

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.14.0.Final

aliases CVE-2020-25633, GHSA-hr32-mgpm-qf2f

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-54ek-p545-k3fj

url VCID-qktn-umfn-dkhv

vulnerability_id VCID-qktn-umfn-dkhv

summary

Cross-site scripting in RESTEasy
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10688.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10688

reference_id

reference_type

scores

value	0.00222
scoring_system	epss
scoring_elements	0.44876
published_at	2026-04-18T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44883
published_at	2026-04-16T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44846
published_at	2026-04-04T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4484
published_at	2026-04-08T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44825
published_at	2026-04-02T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44787
published_at	2026-04-07T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.4483
published_at	2026-04-13T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44828
published_at	2026-04-12T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44859
published_at	2026-04-11T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44842
published_at	2026-04-09T12:55:00Z

value	0.00222
scoring_system	epss
scoring_elements	0.44745
published_at	2026-04-01T12:55:00Z

value	0.00455
scoring_system	epss
scoring_elements	0.63871
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10688

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1814974

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10688

reference_url

https://github.com/quarkusio/quarkus/issues/7248

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/quarkusio/quarkus/issues/7248

reference_url

https://issues.redhat.com/browse/RESTEASY-2519

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://issues.redhat.com/browse/RESTEASY-2519

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-10688

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-10688

reference_url

https://security.netapp.com/advisory/ntap-20210706-0008

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210706-0008

reference_url	https://security.netapp.com/advisory/ntap-20210706-0008/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210706-0008/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001
reference_id	1015001
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1015001

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328
reference_id	970328
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970328

reference_url

https://github.com/advisories/GHSA-29qj-rvv6-qrmv

reference_id

GHSA-29qj-rvv6-qrmv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-29qj-rvv6-qrmv

reference_url	https://access.redhat.com/errata/RHSA-2020:2333
reference_id	RHSA-2020:2333
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2333

reference_url	https://access.redhat.com/errata/RHSA-2020:2511
reference_id	RHSA-2020:2511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2511

reference_url	https://access.redhat.com/errata/RHSA-2020:2512
reference_id	RHSA-2020:2512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2512

reference_url	https://access.redhat.com/errata/RHSA-2020:2513
reference_id	RHSA-2020:2513
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2513

reference_url	https://access.redhat.com/errata/RHSA-2020:2515
reference_id	RHSA-2020:2515
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2515

reference_url	https://access.redhat.com/errata/RHSA-2020:2905
reference_id	RHSA-2020:2905
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:2905

reference_url	https://access.redhat.com/errata/RHSA-2020:3806
reference_id	RHSA-2020:3806
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3806

reference_url	https://usn.ubuntu.com/7351-1/
reference_id	USN-7351-1
reference_type
scores
url	https://usn.ubuntu.com/7351-1/

reference_url	https://usn.ubuntu.com/7630-1/
reference_id	USN-7630-1
reference_type
scores
url	https://usn.ubuntu.com/7630-1/

fixed_packages

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2thz-p7bw-7bdk

vulnerability	VCID-54ek-p545-k3fj

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.11.1.Final

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@4.5.3

aliases CVE-2020-10688, GHSA-29qj-rvv6-qrmv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qktn-umfn-dkhv

Fixing_vulnerabilities

url VCID-6qhb-4jya-hffz

vulnerability_id VCID-6qhb-4jya-hffz

summary

Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
Red Hat JBoss EAP version 3.0.7.Final until 3.0.25.Final, 3.5.0.CR1, and 4.0.0.Beta1 is vulnerable to a server-side cache poisoning or CORS requests in the JAX-RS component resulting in a moderate impact.

references

reference_url

https://access.redhat.com/errata/RHSA-2018:0002

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0002

reference_url

https://access.redhat.com/errata/RHSA-2018:0003

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0003

reference_url

https://access.redhat.com/errata/RHSA-2018:0004

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0004

reference_url

https://access.redhat.com/errata/RHSA-2018:0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0005

reference_url

https://access.redhat.com/errata/RHSA-2018:0478

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0478

reference_url

https://access.redhat.com/errata/RHSA-2018:0479

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0479

reference_url

https://access.redhat.com/errata/RHSA-2018:0480

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0480

reference_url

https://access.redhat.com/errata/RHSA-2018:0481

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/errata/RHSA-2018:0481

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7561.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-7561

reference_id

reference_type

scores

value	0.01074
scoring_system	epss
scoring_elements	0.77799
published_at	2026-04-21T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77743
published_at	2026-04-04T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77727
published_at	2026-04-07T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77754
published_at	2026-04-08T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77759
published_at	2026-04-09T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77786
published_at	2026-04-11T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.7777
published_at	2026-04-12T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77769
published_at	2026-04-13T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77806
published_at	2026-04-16T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77805
published_at	2026-04-18T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.7771
published_at	2026-04-01T12:55:00Z

value	0.01074
scoring_system	epss
scoring_elements	0.77716
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-7561

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7561

reference_url

https://github.com/resteasy/Resteasy

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/resteasy/Resteasy

reference_url

https://issues.jboss.org/browse/RESTEASY-1704

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://issues.jboss.org/browse/RESTEASY-1704

reference_url	http://www.securityfocus.com/bid/100465
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100465

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1483823
reference_id	1483823
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1483823

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392
reference_id	873392
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=873392

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836
reference_id	908836
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908836

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.7:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.0.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.13:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.2.9:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:::::::*
reference_id	cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_application_platform:3.5.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-7561

reference_id

CVE-2017-7561

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-7561

reference_url

https://github.com/advisories/GHSA-57q5-x8jf-g7h8

reference_id

GHSA-57q5-x8jf-g7h8

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-57q5-x8jf-g7h8

fixed_packages

url	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.25.Final
purl	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.25.Final
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.0.25.Final

url pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.5.0.CR1

purl pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.5.0.CR1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2thz-p7bw-7bdk

vulnerability	VCID-54ek-p545-k3fj

vulnerability	VCID-qktn-umfn-dkhv

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.5.0.CR1

aliases CVE-2017-7561, GHSA-57q5-x8jf-g7h8

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6qhb-4jya-hffz

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.5.0.CR1

Package Instance