CVE-2020-10688

A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4.5.3.Final, where it did not properly handle URL encoding when the RESTEASY003870 exception occurs. An attacker could use this flaw to launch a reflected XSS attack.

References

Affected packages

Git / github.com/libfuse/libfuse

Affected ranges

Type

GIT

Repo

https://github.com/libfuse/libfuse

Events

Introduced

Last affected

ce63733284dd6519d2f4ca03c6aa8a6caa328379

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.0"
        }
    ]
}

Type

GIT

Repo

https://github.com/resteasy/resteasy

Events

Introduced

Fixed

bc148c497d96cd17cc89621634eff964c4ef1587

Introduced

0b0bf1e93dd5276d99f19e6fbcb1f7df14a5795f

Fixed

01f0c6f9e611badd7dd6d412ab339f98ae05e966

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.11.1"
        },
        {
            "introduced": "4.5.0"
        },
        {
            "fixed": "4.5.3"
        }
    ]
}

Affected versions

4.*

4.5.0.Final

4.5.1.Final

4.5.2.Final

Other

debian_version_0_95-1

debian_version_1_0-1

fuse_0_9

fuse_0_95

start

Database specific

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "7.4"
            }
        ]
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10688.json"