CVE-2020-1695

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1695

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1695.json

Aliases

GHSA-63cq-ppq8-cw6g

Related

RLSA-2021:1775

Published

2020-05-19T15:15:11Z

Modified

2023-11-29T08:08:21.430862Z

Details

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

References

Affected packages

Git / github.com/resteasy/resteasy

Affected ranges

Type: GIT
Repo: https://github.com/resteasy/resteasy
Events: Introduced

42bfed9235eae7b33597c8aabe0e6e4f1741ea58

Fixed

7c36490823e8f5f57710cd7b2442851664da67b3

Introduced

6483e56fbe2419287a429c3a6c522122467093fe

Affected versions

3.*

3.0.0.Final

3.0.1.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.2

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.4

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.10.0.Final

3.11.0.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.8.0.Final