CVE-2020-10688: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 15, 2021

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

bugzilla.redhat.com/show_bug.cgi?id=1814974
github.com/advisories/GHSA-29qj-rvv6-qrmv
github.com/quarkusio/quarkus/issues/7248
issues.redhat.com/browse/RESTEASY-2519
nvd.nist.gov/vuln/detail/CVE-2020-10688

Code Behaviors & Features

Detect and mitigate CVE-2020-10688 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →