CVE-2021-20293
REJECTED
A reflected Cross-Site Scripting (XSS) flaw was found in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity.
Risk Scores
EPSS Score: 0.11% (29.5th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:24.04:LTS | resteasy3.0 | 3.0.26-6, 0, 3.0.26-6ubuntu0.24.04.1 |
| Ubuntu:22.04:LTS | resteasy | 3.6.2-2, 0 |
| Ubuntu:22.04:LTS | resteasy3.0 | 0, 3.0.26-2, 3.0.26-3 |
| Ubuntu:Pro:20.04:LTS | resteasy3.0 | 3.0.26-1, 0, 3.0.26-1ubuntu0.1~esm1 |
| Ubuntu:25.04 | resteasy | 3.6.2-2, 3.6.2-3ubuntu0.25.04.1, 0 |
| Ubuntu:25.04 | resteasy3.0 | 0, 3.0.26-6ubuntu0.25.04.1, 3.0.26-6 |
| Ubuntu:24.04:LTS | resteasy | 0, 3.6.2-2 |
| Ubuntu:Pro:18.04:LTS | resteasy3.0 | 3.0.26-1~18.04, 3.0.19-2, 0 |
| Ubuntu:Pro:20.04:LTS | resteasy | 3.6.2-2ubuntu0.20.04.1~esm1, 3.6.2-2, 0 |
| Ubuntu:Pro:16.04:LTS | resteasy | *, 3.0.6-3, 0 |
Timeline
- Jun 10, 2021 CVE Published
- Jun 11, 2021 EPSS Score
- Aug 12, 2021 EPSS Score
- Aug 31, 2021 CVE Updated
- Oct 12, 2021 EPSS Score
- Dec 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 12, 2022 EPSS Score
- Jun 12, 2022 EPSS Score
- Aug 12, 2022 EPSS Score
- Oct 12, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-20293 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1942819 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-20293 third-party-advisory