CVE-2020-7622
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | io.jooby:jooby-netty | unspecified < 1.6.9 | affected |
| n/a | io.jooby:jooby-netty | 2.0.0 < unspecified | affected |
| n/a | io.jooby:jooby-netty | unspecified < 2.2.1 | affected |
Weaknesses
- HTTP Response Splitting
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
- https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
- https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
References
- https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
- https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
- https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.