CVE-2020-25724

Name: CVE-2020-25724

Description: A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| resteasy (PTS) | jessie | 3.0.6-2 | vulnerable |
| | sid | 3.6.2-2 | fixed |
| resteasy3.0 (PTS) | buster | 3.0.26-1 | fixed |
| | bullseye | 3.0.26-2 | fixed |
| | sid, trixie, bookworm | 3.0.26-6 | fixed |

The information below is based on the following data on fixed versions.

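| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| resteasy | source | jessie | (unfixed) | end-of-life | | |
| resteasy | source | (unstable) | (not affected) | | | |
| resteasy3.0 | source | (unstable) | (not affected) | | | |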

Notes

- resteasy <not-affected> (Fixed before initial upload to archive)
- resteasy3.0 <not-affected> (Fixed before initial upload to archive)
https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM)
https://security.snyk.io/vuln/SNYK-JAVA-IOQUARKUS-1300848
