An update for resteasy is now available for openEuler-20.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1231 Final 1.0 1.0 2021-06-22 Initial 2021-06-22 2021-06-22 openEuler SA Tool V1.0 2021-06-22 resteasy security update An update for resteasy is now available for openEuler-20.03-LTS-SP1. %global desc \ RESTEasy contains a JBoss project that provides frameworks to help\ build RESTful Web Services and RESTful Java applications. It is a fully\ certified and portable implementation of the JAX-RS specification. \ %global extdesc \\ \ This package contains Security Fix(es): A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.(CVE-2020-10688) An update for resteasy is now available for openEuler-20.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium resteasy https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1231 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-10688 https://nvd.nist.gov/vuln/detail/CVE-2020-10688 openEuler-20.03-LTS-SP1 resteasy-atom-provider-3.0.19-4.oe1.noarch.rpm resteasy-jettison-provider-3.0.19-4.oe1.noarch.rpm resteasy-netty3-3.0.19-4.oe1.noarch.rpm resteasy-jaxb-provider-3.0.19-4.oe1.noarch.rpm resteasy-test-3.0.19-4.oe1.noarch.rpm resteasy-client-3.0.19-4.oe1.noarch.rpm resteasy-optional-3.0.19-4.oe1.noarch.rpm resteasy-validator-provider-11-3.0.19-4.oe1.noarch.rpm resteasy-yaml-provider-3.0.19-4.oe1.noarch.rpm resteasy-json-p-provider-3.0.19-4.oe1.noarch.rpm resteasy-javadoc-3.0.19-4.oe1.noarch.rpm resteasy-multipart-provider-3.0.19-4.oe1.noarch.rpm resteasy-jackson-provider-3.0.19-4.oe1.noarch.rpm resteasy-jackson2-provider-3.0.19-4.oe1.noarch.rpm resteasy-core-3.0.19-4.oe1.noarch.rpm resteasy-3.0.19-4.oe1.noarch.rpm resteasy-3.0.19-4.oe1.src.rpm A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack. 2021-06-22 CVE-2020-10688 openEuler-20.03-LTS-SP1 Medium 6.1 AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N resteasy security update 2021-06-22 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1231