An update for resteasy is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2022-1483 Final 1.0 1.0 2022-01-07 Initial 2022-01-07 2022-01-07 openEuler SA Tool V1.0 2022-01-07

resteasy security update

An update for resteasy is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.

Framework for RESTful Web services and Java applications.

Security Fix(es):

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. (CVE-2020-1695)

An update for resteasy is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 and openEuler-20.03-LTS-SP3.

openEuler Security has rated this update as having a security impact of high. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

High
resteasy

https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1483
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2020-1695
https://nvd.nist.gov/vuln/detail/CVE-2020-1695

openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3

resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm

resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm

resteasy-optional-3.0.19-5.oe1.noarch.rpm
resteasy-jackson-provider-3.0.19-5.oe1.noarch.rpm
resteasy-json-p-provider-3.0.19-5.oe1.noarch.rpm
resteasy-yaml-provider-3.0.19-5.oe1.noarch.rpm
resteasy-core-3.0.19-5.oe1.noarch.rpm
resteasy-jaxb-provider-3.0.19-5.oe1.noarch.rpm
resteasy-multipart-provider-3.0.19-5.oe1.noarch.rpm
resteasy-jettison-provider-3.0.19-5.oe1.noarch.rpm
resteasy-javadoc-3.0.19-5.oe1.noarch.rpm
resteasy-client-3.0.19-5.oe1.noarch.rpm
resteasy-validator-provider-11-3.0.19-5.oe1.noarch.rpm
resteasy-atom-provider-3.0.19-5.oe1.noarch.rpm
resteasy-3.0.19-5.oe1.noarch.rpm
resteasy-jackson2-provider-3.0.19-5.oe1.noarch.rpm
resteasy-test-3.0.19-5.oe1.noarch.rpm
resteasy-netty3-3.0.19-5.oe1.noarch.rpm

resteasy-3.0.19-5.oe1.src.rpm
resteasy-3.0.19-5.oe1.src.rpm
resteasy-3.0.19-5.oe1.src.rpm

A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.

2022-01-07
CVE-2020-1695
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP2
openEuler-20.03-LTS-SP3
High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
resteasy security update 2022-01-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1483