CVE-2020-7611
N/A
N/A
Summary
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | io.micronaut:micronaut-http-client | all versions before 1.2.11 | affected |
| n/a | io.micronaut:micronaut-http-client | all versions from 1.3.0 before 1.3.2 | affected |
Weaknesses
- HTTP Request Header Injection
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
References
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.