Description
A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.
References (2)
Core References
Issue Tracking, Vendor Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1899354
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20210702-0003/
Scores
CVSS v3
4.3
EPSS
0.0013
EPSS Percentile
32.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-567
Status
published
Products (4)
org.jboss.resteasy/resteasy-bom
0 - 2.0-beta-2 (Maven)
quarkus/quarkus
< 1.11.2
redhat/resteasy
2.0.0 alpha1 (2 CPE variants)
redhat/resteasy
< 2.0.0
Published
May 26, 2021
Tracked Since
Feb 18, 2026