Description
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Remediation
References
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/
Related Vulnerabilities
CVE-2022-39368 Vulnerability in maven package org.eclipse.californium:scandium
CVE-2023-37460 Vulnerability in maven package org.codehaus.plexus:plexus-archiver
CVE-2021-21169 Vulnerability in npm package electron
CVE-2021-21293 Vulnerability in maven package org.http4s:blaze-core_2.13
CVE-2022-31172 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable