ALT Linux Team

Package resteasy update in sisyphus on 2025-10-14

ALT-PU-2022-7681-1

Package resteasy updated to version 3.0.26-alt1_15jpp11 for branch sisyphus in task 300695.

Closed vulnerabilities

Published: 2019-07-16

BDU:2024-01095

Уязвимость программного средства RESTEasy, связанная с недостаточной проверкой входных данных, позволяющая нарушителю модифицировать информацию

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N
References:
Published: 2020-05-19
Modified: 2024-11-21

CVE-2020-1695

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2022-05-25
Modified: 2022-06-24

GHSA-63cq-ppq8-cw6g

Improper Input Validation in RESTEasy

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top