VulnerableCode Package Details - pkg:maven/org.jboss.resteasy/resteasy-bom@3.11.1.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-6265-k551-gyfv Aliases: CVE-2020-14326 GHSA-37g7-8vjj-pjpj	Uncontrolled Resource Consumption A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.	4.5.6.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-dww4-f31f-h7az Aliases: CVE-2021-20293 GHSA-5h26-c766-g93v	A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.	4.6.1.Alpha1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6265-k551-gyfv
Aliases:
CVE-2020-14326
GHSA-37g7-8vjj-pjpj

Uncontrolled Resource Consumption A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service.

4.5.6.Final
Affected by 1 other vulnerability.

VCID-dww4-f31f-h7az
Aliases:
CVE-2021-20293
GHSA-5h26-c766-g93v

A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.

4.6.1.Alpha1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-qktn-umfn-dkhv	Cross-site scripting in RESTEasy A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.	CVE-2020-10688 GHSA-29qj-rvv6-qrmv

Vulnerability

Summary

Aliases

VCID-qktn-umfn-dkhv

Cross-site scripting in RESTEasy A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

CVE-2020-10688
GHSA-29qj-rvv6-qrmv

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:43:11.409860+00:00	GitLab Importer	Affected by	VCID-6265-k551-gyfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-14326.yml	38.4.0
2026-04-16T21:26:14.696402+00:00	GitLab Importer	Fixing	VCID-qktn-umfn-dkhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-10688.yml	38.4.0
2026-04-16T21:26:13.443688+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.4.0
2026-04-11T22:58:46.119823+00:00	GitLab Importer	Affected by	VCID-6265-k551-gyfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-14326.yml	38.3.0
2026-04-11T22:39:06.954853+00:00	GitLab Importer	Fixing	VCID-qktn-umfn-dkhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-10688.yml	38.3.0
2026-04-11T22:39:05.559410+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.3.0
2026-04-02T23:07:32.328175+00:00	GitLab Importer	Affected by	VCID-6265-k551-gyfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-14326.yml	38.1.0
2026-04-02T22:49:43.282708+00:00	GitLab Importer	Fixing	VCID-qktn-umfn-dkhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-10688.yml	38.1.0
2026-04-02T22:49:42.074249+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.1.0
2026-04-02T16:57:28.251276+00:00	GHSA Importer	Fixing	VCID-qktn-umfn-dkhv	https://github.com/advisories/GHSA-29qj-rvv6-qrmv	38.1.0
2026-04-01T17:26:52.359453+00:00	GitLab Importer	Affected by	VCID-6265-k551-gyfv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-14326.yml	38.0.0
2026-04-01T17:07:39.430031+00:00	GitLab Importer	Fixing	VCID-qktn-umfn-dkhv	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2020-10688.yml	38.0.0
2026-04-01T17:07:37.513848+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.0.0
2026-04-01T13:02:20.428088+00:00	GithubOSV Importer	Fixing	VCID-qktn-umfn-dkhv	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/06/GHSA-29qj-rvv6-qrmv/GHSA-29qj-rvv6-qrmv.json	38.0.0