GHSA-35fr-h7jr-hh86

Published: Dec 6, 2019
Source: github
GitHub: reviewed
CVSS3: 6.5

Description

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria

Armeria versions 0.85.0 through 0.96.0 (inclusive) are vulnerable to HTTP response splitting. When unsanitized, attacker-controlled data is used to populate the headers of an HTTP response, CR/LF sequences in that data are written to the wire unchanged, so a remote attacker can terminate the header and inject arbitrary additional headers, or an entire second response, into the stream the client sees.

Impact

  1. Cross-User Defacement
  2. Cache Poisoning
  3. Cross-Site Scripting (XSS)
  4. Page Hijacking

Root Cause

The root cause is that Armeria used Netty's HTTP header implementation with Netty's header validation disabled, so CR and LF characters in header names and values were never rejected before the headers were encoded (see the DefaultHttpHeaders source at the commit linked below).

https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/common/DefaultHttpHeaders.java#L23
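The following is an added example, not code from Armeria, Netty or the advisory. It shows the mechanism the advisory describes using Netty's own DefaultHttpHeaders: with validation disabled (the setting the advisory identifies as the root cause), an attacker-controlled value carrying CR/LF is emitted verbatim and the rendered bytes contain a second, attacker-supplied response; with Netty's default validation enabled, the same value is rejected at set() time. It assumes Netty 4.1 (io.netty:netty-codec-http) on the classpath; the class name, the toWire/containsInjectedResponse helpers and the ATTACKER_INPUT string are constructed for this example.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

import java.util.Map;

/**
 * Added example (not Armeria's or Netty's code). Demonstrates HTTP response
 * splitting through an unvalidated header value and the effect of Netty's
 * built-in header validation. Assumes Netty 4.1 on the classpath.
 */
public class ResponseSplittingDemo {

    // Constructed attacker input: imagine a "?next=" parameter that the
    // application copies into a Location header without sanitizing it.
    // The CRLF sequences close the real response and start a fake one.
    static final String ATTACKER_INPUT =
            "/home\r\n"
          + "Content-Length: 0\r\n"
          + "\r\n"
          + "HTTP/1.1 200 OK\r\n"
          + "Content-Type: text/html\r\n"
          + "Content-Length: 25\r\n"
          + "\r\n"
          + "<script>alert(1)</script>";

    /** Renders a 302 response head the way it would appear on the wire (hypothetical helper). */
    static String toWire(HttpHeaders headers) {
        StringBuilder sb = new StringBuilder("HTTP/1.1 302 Found\r\n");
        for (Map.Entry<String, String> e : headers) {
            sb.append(e.getKey()).append(": ").append(e.getValue()).append("\r\n");
        }
        return sb.append("\r\n").toString();
    }

    /** True if a second status line appears inside what should be a single response head. */
    static boolean containsInjectedResponse(String wire) {
        return wire.indexOf("\r\nHTTP/1.1 200 OK\r\n") > 0;
    }

    /** Builds the headers with Netty validation turned off, as the advisory says affected versions did. */
    static String renderWithoutValidation() {
        HttpHeaders unvalidated = new DefaultHttpHeaders(false);
        unvalidated.set("Location", ATTACKER_INPUT); // accepted as-is
        return toWire(unvalidated);
    }

    /** Same operation with Netty's default validation: CR/LF in a value is rejected. */
    static boolean acceptsWithValidation() {
        HttpHeaders validated = new DefaultHttpHeaders(); // validate = true by default
        try {
            validated.set("Location", ATTACKER_INPUT);
            return true;
        } catch (IllegalArgumentException e) {
            System.out.println("rejected by validation: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        String wire = renderWithoutValidation();
        System.out.print(wire);
        System.out.println("second response injected: " + containsInjectedResponse(wire)); // true
        System.out.println("validated headers accepted the value: " + acceptsWithValidation()); // false
    }
}
```

The fix in 0.97.0 restores validation on Armeria's side, but header validation is a backstop, not a substitute for input handling: a redirect target or any other header value derived from user input should still be checked against an allow-list before it reaches the response at all.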

Patches

This vulnerability has been patched in Armeria 0.97.0; upgrade to 0.97.0 or later.

References

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Related advisory (Ratpack): https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j

For more information

If you have any questions or comments about this advisory:

Packages

Name: com.linecorp.armeria:armeria (maven)
Affected versions: >= 0.85.0, < 0.97.0
Fixed version: 0.97.0

CVSS3: 6.5 Medium

Weaknesses

CWE-113
CWE-74
