VulnerableCode Package Details - pkg:maven/org.jboss.resteasy/resteasy-bom@4.5.12.Final

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.jboss.resteasy/resteasy-bom@4.5.12.Final

purl	pkg:maven/org.jboss.resteasy/resteasy-bom@4.5.12.Final

Next non-vulnerable version	4.6.1.Alpha1
Latest non-vulnerable version	4.6.1.Alpha1
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-dww4-f31f-h7az Aliases: CVE-2021-20293 GHSA-5h26-c766-g93v	A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.	4.6.1.Alpha1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:26:13.613631+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.4.0
2026-04-11T22:39:05.764368+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.3.0
2026-04-02T22:49:42.247587+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.1.0
2026-04-01T17:07:37.756511+00:00	GitLab Importer	Affected by	VCID-dww4-f31f-h7az	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-bom/CVE-2021-20293.yml	38.0.0