CVE-2020-7622

Опубликовано: 06 апр. 2020

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.

Ссылки

https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
Patch
Third Party Advisory
https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
Patch
Third Party Advisory
https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
Patch
Third Party Advisory
https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*

Версия до 1.6.9 (исключая)

cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.2.1 (исключая)

EPSS

Процентиль: 63%

0.00451

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gv3v-92v6-m48j

CVSS3: 9.8

github

почти 6 лет назад

Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)

EPSS

Процентиль: 63%

0.00451

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

NVD-CWE-Other