An update for resteasy is now available for openEuler-20.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2021-1231
Final
1.0
1.0
2021-06-22
Initial
2021-06-22
2021-06-22
openEuler SA Tool V1.0
2021-06-22
resteasy security update
An update for resteasy is now available for openEuler-20.03-LTS-SP1.
%global desc \ RESTEasy contains a JBoss project that provides frameworks to help\ build RESTful Web Services and RESTful Java applications. It is a fully\ certified and portable implementation of the JAX-RS specification. \ %global extdesc \\ \ This package contains
Security Fix(es):
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.(CVE-2020-10688)
An update for resteasy is now available for openEuler-20.03-LTS-SP1.
openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
Medium
resteasy
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1231
https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-10688
https://nvd.nist.gov/vuln/detail/CVE-2020-10688
openEuler-20.03-LTS-SP1
resteasy-atom-provider-3.0.19-4.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-4.oe1.noarch.rpm
resteasy-netty3-3.0.19-4.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-4.oe1.noarch.rpm
resteasy-test-3.0.19-4.oe1.noarch.rpm
resteasy-client-3.0.19-4.oe1.noarch.rpm
resteasy-optional-3.0.19-4.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-4.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-4.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-4.oe1.noarch.rpm
resteasy-javadoc-3.0.19-4.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-4.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-4.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-4.oe1.noarch.rpm
resteasy-core-3.0.19-4.oe1.noarch.rpm
resteasy-3.0.19-4.oe1.noarch.rpm
resteasy-3.0.19-4.oe1.src.rpm
A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.
2021-06-22
CVE-2020-10688
openEuler-20.03-LTS-SP1
Medium
6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
resteasy security update
2021-06-22
https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1231