Source: resteasy
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for resteasy.

CVE-2020-1695[0]:
| A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final
| and all resteasy 4.x.x versions prior to 4.6.0.Final, where an
| improper input validation results in returning an illegal header that
| integrates into the server's response. This flaw may result in an
| injection, which leads to unexpected behavior when the HTTP response
| is constructed.

https://bugzilla.redhat.com/show_bug.cgi?id=1730462
https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1695
    https://www.cve.org/CVERecord?id=CVE-2020-1695

Please adjust the affected versions in the BTS as needed.