{"id":"CVE-2020-10688","details":"A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.","aliases":["GHSA-29qj-rvv6-qrmv"],"modified":"2026-04-10T04:21:33.942796Z","published":"2021-05-27T19:15:07.643Z","references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210706-0008/"},{"type":"REPORT","url":"https://github.com/quarkusio/quarkus/issues/7248"},{"type":"REPORT","url":"https://issues.redhat.com/browse/RESTEASY-2519"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1814974"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libfuse/libfuse","events":[{"introduced":"0"},{"last_affected":"ce63733284dd6519d2f4ca03c6aa8a6caa328379"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.0"}]}},{"type":"GIT","repo":"https://github.com/resteasy/resteasy","events":[{"introduced":"0"},{"fixed":"bc148c497d96cd17cc89621634eff964c4ef1587"},{"introduced":"0b0bf1e93dd5276d99f19e6fbcb1f7df14a5795f"},{"fixed":"01f0c6f9e611badd7dd6d412ab339f98ae05e966"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.11.1"},{"introduced":"4.5.0"},{"fixed":"4.5.3"}]}}],"versions":["3.0-beta-1","3.0-beta-2","3.0-beta-3","3.0-beta-4","3.0-beta-5","3.0-beta-6","3.0-rc-1","3.0.0.Final","3.0.1.Final","3.0.10.Final","3.0.13.Final","3.0.14.Final","3.0.15.Final","3.0.16.Final","3.0.2","3.0.20.Final","3.0.21.Final","3.0.22.Final","3.0.23.Final","3.0.24.Final","3.0.4","3.0.5.Final","3.0.6.Final","3.0.7.Final","3.0.8.Final","3.0.9.Final","3.10.0.Final","3.11.0.Final","3.5.0.CR1","3.5.0.CR2","3.5.0.CR3","3.5.0.CR4","3.5.0.Final","3.5.1.Final","3.6.0.CR1","3.6.0.Final","3.6.1.Final","3.6.2.Final","3.6.3.Final","3.8.0.Final","4.5.0.Final","4.5.1.Final","4.5.2.Final","debian_version_0_95-1","debian_version_1_0-1","fuse_0_9","fuse_0_95","start"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10688.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}