CVE-2020-1695 - Improper Input Validation
Severity: High
2022-09-28
Abstract
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
The Oxygen products incorporate resteasy as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v4.1 and older | High | Oxygen Content Fusion 5.0 build 2022092005 |
Oxygen XML Web Author v24.1.0 and older | High | Oxygen XML Web Author 24.1 build 2022070522 |
Detail
CVE-2020-1695
Severity: High
CVSS Score: 7.5
The resteasy third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2020-1695 vulnerability description.
Starting with Oxygen Web Author v24.1 build 2022070522, the resteasy library was updated to version v4.6.0.Final, which fixes this vulnerability.
Starting with Oxygen Content Fusion v5.0 build 2022092005, the resteasy library was updated to version v4.7.6, which fixes this vulnerability.
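To confirm which resteasy version a deployment actually bundles, the affected ranges from the abstract can be checked against the library file names. The following is an added example, not code from Oxygen or the resteasy project; the jar names are constructed samples, and treating a pre-release build of a fixed version (for example 4.6.0.Beta1) as affected is an assumption.

```python
import re

# Fixed releases per major line, taken from the advisory abstract.
FIXED = {3: (3, 12, 0), 4: (4, 6, 0)}

# Matches names such as "resteasy-core-4.5.8.Final.jar".
JAR_RE = re.compile(
    r"^(resteasy-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9]+))?\.jar$"
)

def parse_jar(name):
    """Return (artifact, (major, minor, patch), qualifier) or None."""
    m = JAR_RE.match(name)
    if not m:
        return None
    artifact, major, minor, patch, qualifier = m.groups()
    return artifact, (int(major), int(minor), int(patch)), qualifier or ""

def is_affected(version, qualifier=""):
    """True if the version falls in the ranges the advisory lists."""
    fixed = FIXED.get(version[0])
    if fixed is None:
        return False  # the advisory only covers the 3.x.x and 4.x.x lines
    if version != fixed:
        return version < fixed
    # Same numbers as the fixed release. Assumption: a qualifier other
    # than "Final" (Beta1, CR1, ...) is a build prior to the fix.
    return qualifier not in ("", "Final")

def audit(jar_names):
    """Split resteasy jars into affected ones and ones needing manual review."""
    report = {"affected": [], "unparsed": []}
    for name in jar_names:
        if not name.startswith("resteasy-"):
            continue
        parsed = parse_jar(name)
        if parsed is None:
            report["unparsed"].append(name)  # unknown naming scheme: check by hand
        elif is_affected(parsed[1], parsed[2]):
            report["affected"].append(name)
    return report

# Constructed sample listing of a WEB-INF/lib directory.
SAMPLE_LIB = ["resteasy-jaxrs-3.0.19.Final.jar", "resteasy-core-4.6.0.Beta1.jar",
              "resteasy-core-4.7.6.Final.jar", "resteasy-client-4.6.0.Final.jar",
              "resteasy-core-4.5.8.Final-custom-1.jar", "jackson-databind-2.13.0.jar"]

if __name__ == "__main__":
    print(audit(SAMPLE_LIB))
```

Jars listed under "unparsed" use a version format the pattern does not recognize and should be checked manually rather than assumed safe.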