CVE-2020-7622

Summary

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.

Affected Software

VendorProductVersion RangeStatus
n/aio.jooby:jooby-nettyunspecified < 1.6.9affected
n/aio.jooby:jooby-netty2.0.0 < unspecifiedaffected
n/aio.jooby:jooby-nettyunspecified < 2.2.1affected

Weaknesses

  • HTTP Response Splitting

ADP Enrichment

CVE Program Container

Additional References

References