Brian Stansberry updated WFLY-13511:
------------------------------------
Security: (was: Security Issue)
CVE-2020-1695: resteasy-jaxrs-3.11.2
------------------------------------
Key: WFLY-13511
URL: https://issues.redhat.com/browse/WFLY-13511
Project: WildFly
Issue Type: Component Upgrade
Components: REST
Affects Versions: 19.0.0.Final, 19.1.0.Final
Reporter: Radoslav Ivanov
Assignee: Ronald Sigal
Priority: Critical
Fix For: 20.0.0.Beta1
Please fix High prio CVE-2020-1695 vulnerability issue with JAXRS:
{code:java}
File Path org\jboss\resteasy\resteasy-jaxrs\3.11.0.Final\resteasy-jaxrs-3.11.0.Final.jar
SHA-1 e0a65cedf19500c87a0539980835940806438efb
SHA-256 3d87cd378ae039ade28e9988611a86f5732d713942ecf8ed594909281ba3064b
Description A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all
resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results
in returning an illegal header that integrates into the server's response. This flaw
may result in an injection, which leads to unexpected behavior when the HTTP response is
constructed.
{code}