CVE-2022-29631

Опубликовано: 06 июн. 2022

Источник: ubuntu

Приоритет: medium

CVSS2: 5

CVSS3: 7.5

Описание

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.

Релиз	Статус	Примечание
bionic	DNE
devel	DNE
esm-apps/focal	not-affected	code not present
esm-apps/jammy	not-affected	code not present
focal	not-affected	code not present
impish	not-affected	code not present
jammy	not-affected	code not present
kinetic	ignored	end of life, was needs-triage
lunar	DNE
trusty	DNE

Показывать по

Ссылки на источники

5 Medium

CVSS2

7.5 High

CVSS3

Связанные уязвимости

CVE-2022-29631

CVSS3: 7.5

nvd

больше 3 лет назад

CVE-2022-29631

CVSS3: 7.5

debian

больше 3 лет назад

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vul ...

GHSA-pp3c-cf6j-m3ff

CVSS3: 7.5

github

больше 3 лет назад

Server-Side Request Forgery in Jodd HTTP

5 Medium

CVSS2

7.5 High

CVSS3

CVE-2022-29631

Описание

Пакет jodd

Ссылки на источники

Связанные уязвимости