Candidate: CVE-2020-1695
PublicDate: 2020-05-19 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695
 https://bugzilla.redhat.com/show_bug.cgi?id=1730462
Description:
 A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and
 all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input
 validation results in returning an illegal header that integrates into the
 server's response. This flaw may result in an injection, which leads to
 unexpected behavior when the HTTP response is constructed.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_resteasy:
upstream_resteasy: needs-triage
precise/esm_resteasy: DNE
trusty_resteasy: ignored (out of standard support)
trusty/esm_resteasy: DNE
xenial_resteasy: ignored (end of standard support, was needs-triage)
bionic_resteasy: DNE
eoan_resteasy: ignored (reached end-of-life)
focal_resteasy: needs-triage
groovy_resteasy: ignored (reached end-of-life)
hirsute_resteasy: ignored (reached end-of-life)
impish_resteasy: needs-triage
jammy_resteasy: needs-triage
devel_resteasy: needs-triage

Patches_resteasy3.0:
upstream_resteasy3.0: needs-triage
precise/esm_resteasy3.0: DNE
trusty_resteasy3.0: ignored (out of standard support)
trusty/esm_resteasy3.0: DNE
xenial_resteasy3.0: DNE
bionic_resteasy3.0: needs-triage
eoan_resteasy3.0: ignored (reached end-of-life)
focal_resteasy3.0: needs-triage
groovy_resteasy3.0: ignored (reached end-of-life)
hirsute_resteasy3.0: ignored (reached end-of-life)
impish_resteasy3.0: needs-triage
jammy_resteasy3.0: needs-triage
devel_resteasy3.0: needs-triage