CVE-2020-10688

NameCVE-2020-10688
DescriptionA cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs970328, 1015001

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
resteasy (PTS)sid3.6.2-4vulnerable
resteasy3.0 (PTS)bullseye3.0.26-2vulnerable
forky, sid, bookworm, trixie3.0.26-6fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
resteasysource(unstable)(unfixed)970328
resteasy3.0source(unstable)3.0.26-41015001

Notes

[bullseye] - resteasy3.0 <no-dsa> (Minor issue)
[buster] - resteasy3.0 <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1814974
https://github.com/quarkusio/quarkus/issues/7248
https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
https://github.com/resteasy/Resteasy/pull/2320
https://github.com/resteasy/Resteasy/commit/3fe881cf945c06bdb16895fbc73bc620694d2ba7 (4.6.0.Final)
Search for package or bug name: Reporting problems