Under certain conditions and certain workloads, Resteasy can provide an incorrect response to an HTTP request. An attacker could use this to gain access to privileged information.
This issue has been addressed in the following products: Red Hat build of Quarkus Via RHSA-2021:1004 https://access.redhat.com/errata/RHSA-2021:1004
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-25724