CVE-2020-10688
PUBLISHED
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
EPSS 0.34% · 57.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:25.10 | resteasy | 3.6.2-3, 0 |
| Ubuntu:22.04:LTS | resteasy3.0 | 3.0.26-2, 3.0.26-3, 0 |
| Ubuntu:Pro:20.04:LTS | resteasy | 0, 3.6.2-2 |
| Ubuntu:Pro:22.04:LTS | resteasy | 0, 3.6.2-2 |
| Ubuntu:Pro:20.04:LTS | resteasy3.0 | 0, 3.0.26-1 |
| Ubuntu:Pro:24.04:LTS | resteasy | 0, 3.6.2-2 |
| Ubuntu:Pro:16.04:LTS | resteasy | 3.0.6-3, 0 |
| Ubuntu:Pro:18.04:LTS | resteasy3.0 | 3.0.26-1~18.04, 3.0.19-2, 3.0.19-1 |
Timeline
- Jun 11, 2020 CVE Published
- May 28, 2021 EPSS Score
- Jul 6, 2021 CVE Updated
- Jul 30, 2021 EPSS Score
- Sep 29, 2021 EPSS Score
- Nov 29, 2021 EPSS Score
- Jan 30, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jun 1, 2022 EPSS Score
- Aug 2, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Dec 2, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-10688 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1814974 third-party-advisory
- https://github.com/quarkusio/quarkus/issues/7248 third-party-advisory
- https://issues.redhat.com/browse/RESTEASY-2519 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-10688 third-party-advisory
- https://ubuntu.com/security/notices/USN-7351-1 vendor-advisory
- https://ubuntu.com/security/notices/USN-7630-1 vendor-advisory