Vulnerability details: VCID-aedf-8vvz-37cp
Vulnerability ID VCID-aedf-8vvz-37cp
Aliases CVE-2020-1695
GHSA-63cq-ppq8-cw6g
Summary Improper Input Validation in RESTEasy. A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1695.json
epss 0.00366 https://api.first.org/data/v1/epss?cve=CVE-2020-1695
epss 0.00385 https://api.first.org/data/v1/epss?cve=CVE-2020-1695
epss 0.00425 https://api.first.org/data/v1/epss?cve=CVE-2020-1695
epss 0.00751 https://api.first.org/data/v1/epss?cve=CVE-2020-1695
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
generic_textual HIGH https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-63cq-ppq8-cw6g
cvssv3.1 7.5 https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
generic_textual HIGH https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
cvssv3.1 7.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
generic_textual HIGH https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-1695
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2020-1695
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1695.json
https://api.first.org/data/v1/epss?cve=CVE-2020-1695
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1695
https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ/
https://nvd.nist.gov/vuln/detail/CVE-2020-1695
1034804 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1034804
1730462 https://bugzilla.redhat.com/show_bug.cgi?id=1730462
GHSA-63cq-ppq8-cw6g https://github.com/advisories/GHSA-63cq-ppq8-cw6g
RHSA-2020:2112 https://access.redhat.com/errata/RHSA-2020:2112
RHSA-2020:2333 https://access.redhat.com/errata/RHSA-2020:2333
RHSA-2020:2511 https://access.redhat.com/errata/RHSA-2020:2511
RHSA-2020:2512 https://access.redhat.com/errata/RHSA-2020:2512
RHSA-2020:2513 https://access.redhat.com/errata/RHSA-2020:2513
RHSA-2020:2515 https://access.redhat.com/errata/RHSA-2020:2515
RHSA-2020:2905 https://access.redhat.com/errata/RHSA-2020:2905
RHSA-2020:3779 https://access.redhat.com/errata/RHSA-2020:3779
RHSA-2021:1775 https://access.redhat.com/errata/RHSA-2021:1775
USN-7351-1 https://usn.ubuntu.com/7351-1/
USN-7630-1 https://usn.ubuntu.com/7630-1/
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1695.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1695
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://github.com/resteasy/Resteasy/commit/88ba8537f2e8d465c7031d352bf9bb25526ce475
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJDMT443YZWCBS5NS76XZ7TL3GK7BXHL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RX22C6I56BJUER76IIPYHGZIWBQIU3CQ
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2020-1695
Exploit Prediction Scoring System (EPSS)
Percentile 0.58621
EPSS Score 0.00366
Published At April 26, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:07:39.055094+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-63cq-ppq8-cw6g/GHSA-63cq-ppq8-cw6g.json 38.0.0