GHSA-63cq-ppq8-cw6g

Source

https://github.com/advisories/GHSA-63cq-ppq8-cw6g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-63cq-ppq8-cw6g/GHSA-63cq-ppq8-cw6g.json

Aliases

CVE-2020-1695

Published

2022-05-24T22:01:21Z

Modified

2024-02-21T05:33:30.243930Z

Details

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

References

Affected packages

Maven / org.jboss.resteasy:resteasy-client

Package

Name: org.jboss.resteasy:resteasy-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.6.0

Affected versions

4.*

4.0.0.Final

4.1.0.Final

4.1.1.Final

4.2.0.Final

4.3.0.Final

4.3.1.Final

4.4.0.CR1

4.4.0.Final

4.4.1.Final

4.4.2.Final

4.4.3.Final

4.5.0.Final

4.5.1.Final

4.5.2.Final

4.5.3.Final

4.5.4.Final

4.5.5.Final

4.5.6.Final

4.5.7.Final

4.5.8.SP1

4.5.8.Final

4.5.9.Final

4.5.10.Final

4.5.11.Final

4.5.12.Beta1

4.5.12.Final

Database specific

{
    "last_known_affected_version_range": "<= 4.5.12"
}

Maven / org.jboss.resteasy:resteasy-client

Package

Name: org.jboss.resteasy:resteasy-client

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.12.0

Affected versions

3.*

3.0.0.Final

3.0.1.Final

3.0.2.Final

3.0.3.Final

3.0.4.Final

3.0.5.Final

3.0.6.Final

3.0.7.Final

3.0.8.Final

3.0.9.Final

3.0.10.Final

3.0.11.Final

3.0.12.Final

3.0.13.Final

3.0.14.Final

3.0.15.Final

3.0.16.Final

3.0.17.Final

3.0.18.Final

3.0.19.Final

3.0.20.Final

3.0.21.Final

3.0.22.Final

3.0.23.Final

3.0.24.Final

3.0.26.Final

3.1.0.Beta1

3.1.0.Beta2

3.1.0.CR1

3.1.0.CR2

3.1.0.CR3

3.1.0.Final

3.1.1.Final

3.1.2.Final

3.1.3.Final

3.1.4.Final

3.5.0.CR1

3.5.0.CR2

3.5.0.CR3

3.5.0.CR4

3.5.0.Final

3.5.1.Final

3.6.0.CR1

3.6.0.Final

3.6.1.SP1

3.6.1.SP2

3.6.1.SP3

3.6.1.SP5

3.6.1.SP6

3.6.1.SP7

3.6.1.SP8

3.6.1.Final

3.6.2.Final

3.6.3.SP1

3.6.3.Final

3.7.0.Final

3.8.0.Final

3.8.1.Final

3.9.0.Final

3.9.1.Final

3.9.2.Final

3.9.3.SP1

3.9.3.Final

3.10.0.Final

3.11.0.Final

3.11.1.Final

3.11.2.Final

3.11.3.Final

3.11.4.Final

3.11.5.Final

Database specific

{
    "last_known_affected_version_range": "<= 3.11.5"
}