CVE-2020-1695

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-1695

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-1695.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-1695

Aliases

GHSA-63cq-ppq8-cw6g

Related

Published

2020-05-19T15:15:11Z

Modified

2024-09-18T03:08:08.249019Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

References

Affected packages

Debian:11 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.26-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.26-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / resteasy3.0

Package

Name: resteasy3.0
Purl: pkg:deb/debian/resteasy3.0?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.26-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/resteasy/resteasy

Affected ranges

Type: GIT
Repo: https://github.com/resteasy/resteasy
Events: Introduced

42bfed9235eae7b33597c8aabe0e6e4f1741ea58

Fixed

7c36490823e8f5f57710cd7b2442851664da67b3

Affected versions

3.*

3.0.0.Final

3.0.1.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.2

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.4

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.10.0.Final

3.11.0.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.Final

3.6.2.Final

3.6.3.Final

3.8.0.Final