CVE-2021-20289: A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are retu
mediumvulnerability
security
Summary
CVE-2021-20289 is a flaw in RESTEasy (a framework for building web services) versions up to 4.6.0.Final where error messages expose sensitive information about the internal code. When RESTEasy cannot process certain parts of a request, it returns the class and method names of the endpoint in its error response, which could leak details about how the application is structured (CWE-209, generation of error messages containing sensitive information).
Vulnerability Details
CVSS Score
5.3(medium)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
PII Leakage
Attack SophisticationTrivial
Impact (CIA+S)
confidentiality
AI Component TargetedAPI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2021-20289
First tracked: February 15, 2026 at 08:43 PM
Classified by LLM (prompt v3) · confidence: 65%