Vulnerability details: VCID-2thz-p7bw-7bdk
Vulnerability ID VCID-2thz-p7bw-7bdk
Aliases CVE-2021-20289
GHSA-244r-fcj3-ghjq
Summary Exposure of class information in RESTEasy. A flaw was found in RESTEasy in all current versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
cvssv3 5.3 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json
epss 0.00084 https://api.first.org/data/v1/epss?cve=CVE-2021-20289
epss 0.00088 https://api.first.org/data/v1/epss?cve=CVE-2021-20289
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=1935927
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1935927
cvssv3.1 5.3 https://bugzilla.redhat.com/show_bug.cgi?id=1941544
generic_textual MODERATE https://bugzilla.redhat.com/show_bug.cgi?id=1941544
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-244r-fcj3-ghjq
cvssv3.1 5.3 https://issues.redhat.com/browse/RESTEASY-2843
generic_textual MODERATE https://issues.redhat.com/browse/RESTEASY-2843
cvssv3.1 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-20289
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2021-20289
cvssv3.1 5.3 https://security.netapp.com/advisory/ntap-20210528-0008
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20210528-0008
cvssv3.1 5.3 https://www.oracle.com/security-alerts/cpuapr2022.html
generic_textual MODERATE https://www.oracle.com/security-alerts/cpuapr2022.html
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json
https://api.first.org/data/v1/epss?cve=CVE-2021-20289
https://bugzilla.redhat.com/show_bug.cgi?id=1935927
https://bugzilla.redhat.com/show_bug.cgi?id=1941544
https://issues.redhat.com/browse/RESTEASY-2843
https://nvd.nist.gov/vuln/detail/CVE-2021-20289
https://security.netapp.com/advisory/ntap-20210528-0008
https://security.netapp.com/advisory/ntap-20210528-0008/
https://www.oracle.com/security-alerts/cpuapr2022.html
GHSA-244r-fcj3-ghjq https://github.com/advisories/GHSA-244r-fcj3-ghjq
RHSA-2021:3700 https://access.redhat.com/errata/RHSA-2021:3700
RHSA-2021:3880 https://access.redhat.com/errata/RHSA-2021:3880
RHSA-2021:4100 https://access.redhat.com/errata/RHSA-2021:4100
RHSA-2021:4676 https://access.redhat.com/errata/RHSA-2021:4676
RHSA-2021:4677 https://access.redhat.com/errata/RHSA-2021:4677
RHSA-2021:4679 https://access.redhat.com/errata/RHSA-2021:4679
RHSA-2021:4767 https://access.redhat.com/errata/RHSA-2021:4767
RHSA-2021:5149 https://access.redhat.com/errata/RHSA-2021:5149
RHSA-2021:5150 https://access.redhat.com/errata/RHSA-2021:5150
RHSA-2021:5151 https://access.redhat.com/errata/RHSA-2021:5151
RHSA-2021:5154 https://access.redhat.com/errata/RHSA-2021:5154
RHSA-2021:5170 https://access.redhat.com/errata/RHSA-2021:5170
RHSA-2022:0146 https://access.redhat.com/errata/RHSA-2022:0146
RHSA-2022:0151 https://access.redhat.com/errata/RHSA-2022:0151
RHSA-2022:0152 https://access.redhat.com/errata/RHSA-2022:0152
RHSA-2022:0155 https://access.redhat.com/errata/RHSA-2022:0155
RHSA-2022:0164 https://access.redhat.com/errata/RHSA-2022:0164
RHSA-2022:1179 https://access.redhat.com/errata/RHSA-2022:1179
RHSA-2022:6407 https://access.redhat.com/errata/RHSA-2022:6407
USN-7351-1 https://usn.ubuntu.com/7351-1/
USN-7630-1 https://usn.ubuntu.com/7630-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20289.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1935927
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=1941544
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://issues.redhat.com/browse/RESTEASY-2843
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2021-20289
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20210528-0008
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://www.oracle.com/security-alerts/cpuapr2022.html
Exploit Prediction Scoring System (EPSS)
Percentile 0.24432
EPSS Score 0.00084
Published At April 21, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:00:43.990048+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-244r-fcj3-ghjq/GHSA-244r-fcj3-ghjq.json 38.0.0