GHSA-63cq-ppq8-cw6g
Suggest an improvement- Source
- https://github.com/advisories/GHSA-63cq-ppq8-cw6g
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-63cq-ppq8-cw6g/GHSA-63cq-ppq8-cw6g.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-63cq-ppq8-cw6g
- Aliases
- Published
- 2022-05-24T22:01:21Z
- Modified
- 2024-02-21T05:41:56.425189Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Improper Input Validation in RESTEasy
- Details
-
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2020-1695
- https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
Affected packages
Maven / org.jboss.resteasy:resteasy-client
Package
- Name
- org.jboss.resteasy:resteasy-client
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-client
Affected versions
4.*
4.0.0.Final
4.1.0.Final
4.1.1.Final
4.2.0.Final
4.3.0.Final
4.3.1.Final
4.4.0.CR1
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.4.3.Final
4.5.0.Final
4.5.1.Final
4.5.2.Final
4.5.3.Final
4.5.4.Final
4.5.5.Final
4.5.6.Final
4.5.7.Final
4.5.8.SP1
4.5.8.Final
4.5.9.Final
4.5.10.Final
4.5.11.Final
4.5.12.Beta1
4.5.12.Final
Maven / org.jboss.resteasy:resteasy-client
Package
- Name
- org.jboss.resteasy:resteasy-client
- View open source insights on deps.dev
- Purl
- pkg:maven/org.jboss.resteasy/resteasy-client
Affected versions
3.*
3.0.0.Final
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
3.0.8.Final
3.0.9.Final
3.0.10.Final
3.0.11.Final
3.0.12.Final
3.0.13.Final
3.0.14.Final
3.0.15.Final
3.0.16.Final
3.0.17.Final
3.0.18.Final
3.0.19.Final
3.0.20.Final
3.0.21.Final
3.0.22.Final
3.0.23.Final
3.0.24.Final
3.0.26.Final
3.1.0.Beta1
3.1.0.Beta2
3.1.0.CR1
3.1.0.CR2
3.1.0.CR3
3.1.0.Final
3.1.1.Final
3.1.2.Final
3.1.3.Final
3.1.4.Final
3.5.0.CR1
3.5.0.CR2
3.5.0.CR3
3.5.0.CR4
3.5.0.Final
3.5.1.Final
3.6.0.CR1
3.6.0.Final
3.6.1.SP1
3.6.1.SP2
3.6.1.SP3
3.6.1.SP5
3.6.1.SP6
3.6.1.SP7
3.6.1.SP8
3.6.1.Final
3.6.2.Final
3.6.3.SP1
3.6.3.Final
3.7.0.Final
3.8.0.Final
3.8.1.Final
3.9.0.Final
3.9.1.Final
3.9.2.Final
3.9.3.SP1
3.9.3.Final
3.10.0.Final
3.11.0.Final
3.11.1.Final
3.11.2.Final
3.11.3.Final
3.11.4.Final
3.11.5.Final