CVE-2020-10688: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

June 15, 2021

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

github.com/advisories/GHSA-29qj-rvv6-qrmv
github.com/quarkusio/quarkus/issues/7248
nvd.nist.gov/vuln/detail/CVE-2020-10688

Detect and mitigate CVE-2020-10688 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →