CVE-2020-1695

Name: CVE-2020-1695
Description: A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| resteasy (PTS) | sid | 3.6.2-2 | undetermined |
| resteasy3.0 (PTS) | bullseye, sid, buster | 3.0.26-1 | undetermined |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| resteasy | source | (unstable) | undetermined | | | |
| resteasy3.0 | source | (unstable) | undetermined | | | |

Notes

https://bugzilla.redhat.com/show_bug.cgi?id=1730462
