[jboss-jira] [JBoss JIRA] (WFLY-13511) CVE-2020-1695: resteasy-jaxrs-3.11.2
Brian Stansberry (Jira)
issues at jboss.org
Tue May 26 07:10:20 EDT 2020
[ https://issues.redhat.com/browse/WFLY-13511?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFLY-13511:
------------------------------------
Security: (was: Security Issue)
> CVE-2020-1695: resteasy-jaxrs-3.11.2
> ------------------------------------
>
> Key: WFLY-13511
> URL: https://issues.redhat.com/browse/WFLY-13511
> Project: WildFly
> Issue Type: Component Upgrade
> Components: REST
> Affects Versions: 19.0.0.Final, 19.1.0.Final
> Reporter: Radoslav Ivanov
> Assignee: Ronald Sigal
> Priority: Critical
> Fix For: 20.0.0.Beta1
>
>
> Please fix High prio CVE-2020-1695 vulnerability issue with JAXRS:
> {code:java}
> File Path org\jboss\resteasy\resteasy-jaxrs\3.11.0.Final\resteasy-jaxrs-3.11.0.Final.jar
> SHA-1 e0a65cedf19500c87a0539980835940806438efb
> SHA-256 3d87cd378ae039ade28e9988611a86f5732d713942ecf8ed594909281ba3064b
> Description A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
> {code}