CVE-2020-7611

Опубликовано: 30 мар. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.

Ссылки

https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
Patch
https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
Exploit
Third Party Advisory
https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
Patch
https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
Exploit
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*

Версия до 1.2.11 (исключая)

cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*

Версия от 1.3.0 (включая) до 1.3.2 (исключая)

EPSS

Процентиль: 65%

0.005

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-444

Связанные уязвимости

GHSA-694p-xrhg-x3wm