A flaw was found in all RESTEasy 3.x.x versions prior to 3.12.0.Final and all RESTEasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in an illegal header being returned and integrated into the server’s response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
lists.fedoraproject.org/archives/list/[email protected]/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
lists.fedoraproject.org/archives/list/[email protected]/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
nvd.nist.gov/vuln/detail/CVE-2020-1695
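
To check a build against the affected ranges stated above, the following added example (not part of the advisory or of the RESTEasy project) classifies versions found in `mvn dependency:list` output. It assumes every artifact under the `org.jboss.resteasy` group follows the same version line, and that a pre-release qualifier on a fixed version number predates the `.Final` release; the sample dependency lines are constructed.

```python
import re

# First fixed release per major branch, taken from the advisory text.
FIXED = {3: (3, 12, 0), 4: (4, 6, 0)}

# major.minor.patch with an optional qualifier such as .Final, .Beta1, .SP2
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z][\w-]*))?$")


def classify(version):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed'."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unparsed"
    numeric = tuple(int(x) for x in m.group(1, 2, 3))
    qualifier = (m.group(4) or "Final").lower()
    fixed = FIXED.get(numeric[0])
    if fixed is None:
        return "not-listed"  # the advisory only covers 3.x.x and 4.x.x
    if numeric < fixed:
        return "affected"
    if numeric == fixed and not qualifier.startswith(("final", "sp")):
        # Assumption: Beta/CR/Alpha builds of the fixed version number
        # predate the .Final release, so they are flagged conservatively.
        return "affected"
    return "fixed"


def audit(dependency_list):
    """Scan `mvn dependency:list` text; return (artifact, version, status)."""
    findings = []
    for line in dependency_list.splitlines():
        m = re.search(r"org\.jboss\.resteasy:\S+", line)
        if not m:
            continue
        # group:artifact:type[:classifier]:version:scope
        parts = m.group(0).split(":")
        if len(parts) < 5:
            continue
        findings.append((parts[1], parts[-2], classify(parts[-2])))
    return findings


# Constructed sample input, not taken from a real project.
SAMPLE = """\
[INFO]    org.jboss.resteasy:resteasy-jaxrs:jar:3.11.2.Final:compile
[INFO]    org.jboss.resteasy:resteasy-core:jar:4.6.0.Final:compile
[INFO]    org.jboss.resteasy:resteasy-core:jar:4.6.0.Beta1:test
[INFO]    org.example:demo-lib:jar:1.0.0:compile
"""

if __name__ == "__main__":
    for artifact, version, status in audit(SAMPLE):
        print(f"{artifact:16} {version:14} {status}")
```

Versions reported as `not-listed` fall outside the branches the advisory names and need to be checked against the vendor references separately.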