Description

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Remediation

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/

Related Vulnerabilities

CVE-2022-24728 Vulnerability in npm package ckeditor4

CVE-2017-15010 Vulnerability in maven package org.webjars.npm:tough-cookie

CVE-2022-25873 Vulnerability in maven package org.webjars.bowergithub.vuetifyjs:vuetify

CVE-2020-13654 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore

CVE-2023-37960 Vulnerability in maven package io.jenkins.plugins:mathworks-polyspace

Severity

High

Classification

CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Issue Tracking Patch Vendor Advisory