CVE-2020-1695 - Improper Input Validation

Severity: High

2022-09-28


Abstract

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in an illegal header being returned and integrated into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

The Oxygen products incorporate resteasy as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

Product | Severity | Fixed Release Availability
Oxygen Content Fusion v4.1 and older | High | Oxygen Content Fusion 5.0 build 2022092005
Oxygen XML Web Author v24.1.0 and older | High | Oxygen XML Web Author 24.1 build 2022070522

Mitigation

None

Detail

CVE-2020-1695

Severity: High

CVSS Score: 7.5

The version of the resteasy third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2020-1695 vulnerability description.

Starting with Oxygen Web Author v24.1 build 2022070522, the resteasy library was updated to version v4.6.0.Final, which fixes this vulnerability.

Starting with Oxygen Content Fusion v5.0 build 2022092005, the resteasy library was updated to version v4.7.6, which fixes this vulnerability.
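To check which resteasy jars in a deployment fall inside the version ranges given in the Abstract, the following added example (not part of the original advisory and not Oxygen code) classifies jar file names. The jar names in the sample list are constructed, and the ordering of version qualifiers (Final and SP at or after the fix, anything else before it) is an assumption.

```python
import re

# Fixed release per major line, as stated in the advisory abstract.
FIXED = {3: (3, 12, 0), 4: (4, 6, 0)}

# resteasy-<module>-<major>.<minor>.<patch>[.<Qualifier>].jar
JAR_RE = re.compile(
    r"^resteasy-[a-z0-9-]+?-(\d+)\.(\d+)\.(\d+)(?:\.([A-Za-z][A-Za-z0-9]*))?\.jar$"
)


def classify(jar_name):
    """Return 'affected', 'fixed', 'not-listed' or 'unparsed' for a jar file name."""
    m = JAR_RE.match(jar_name)
    if not m:
        # Not a resteasy jar, or a vendor-suffixed build: review by hand.
        return "unparsed"
    version = tuple(int(g) for g in m.group(1, 2, 3))
    fixed = FIXED.get(version[0])
    if fixed is None:
        # The advisory only covers the 3.x.x and 4.x.x lines.
        return "not-listed"
    if version != fixed:
        return "affected" if version < fixed else "fixed"
    # Same numbers as the fix. Assumption: Final/SP builds are at or after the
    # fixed release, any other qualifier (Alpha, Beta, CR) precedes it.
    qualifier = (m.group(4) or "Final").lower()
    return "fixed" if qualifier.startswith(("final", "sp")) else "affected"


def affected_jars(jar_names):
    """Return the sorted subset of jar names that fall in the affected ranges."""
    return sorted(n for n in jar_names if classify(n) == "affected")


# Constructed sample listing of a lib directory (not taken from the advisory).
SAMPLE_LIB = [
    "resteasy-jaxrs-3.11.2.Final.jar",
    "resteasy-core-4.5.9.Final.jar",
    "resteasy-core-4.6.0.Beta1.jar",
    "resteasy-client-4.7.6.Final.jar",
    "resteasy-jaxrs-3.12.0.Final.jar",
    "commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for name in SAMPLE_LIB:
        print(f"{classify(name):<11} {name}")
```

Anything reported as unparsed or not-listed is outside what the advisory states and needs a manual check against the upstream CVE record.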
