Search for packages
| purl | pkg:maven/org.jboss.resteasy/resteasy-core@3.11.0.Final |
| Tags | Ghost |
| Next non-vulnerable version | 4.7.8.Final |
| Latest non-vulnerable version | 6.2.3.Final |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-qktn-umfn-dkhv
Aliases: CVE-2020-10688 GHSA-29qj-rvv6-qrmv |
Cross-site scripting in RESTEasy A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:57:28.220056+00:00 | GHSA Importer | Affected by | VCID-qktn-umfn-dkhv | https://github.com/advisories/GHSA-29qj-rvv6-qrmv | 38.1.0 |
| 2026-04-02T12:39:01.209402+00:00 | GitLab Importer | Affected by | VCID-qktn-umfn-dkhv | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.jboss.resteasy/resteasy-core/CVE-2020-10688.yml | 38.0.0 |