Search criteria
9 vulnerabilities found for jooby by jooby
FKIE_CVE-2020-7647
Vulnerability from fkie_nvd - Published: 2020-05-11 20:15 - Updated: 2024-11-21 05:37
Severity ?
Summary
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3671F930-39B5-4B12-AF92-D75E7E7F2036",
"versionEndExcluding": "1.6.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6542EC-D602-4DC6-B323-472D5A4AA17E",
"versionEndExcluding": "2.8.2",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
},
{
"lang": "es",
"value": "Todas las versiones anteriores a 1.6.7 y todas las versiones posteriores a 2.0.0 incluy\u00e9ndola y versiones anteriores a 2.8.2, de io.jooby:jooby y org.jooby:jooby son vulnerables a un Salto de Directorio por medio de dos vectores separados."
}
],
"id": "CVE-2020-7647",
"lastModified": "2024-11-21T05:37:32.220",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-11T20:15:12.463",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
},
{
"source": "report@snyk.io",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"source": "report@snyk.io",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-7622
Vulnerability from fkie_nvd - Published: 2020-04-06 15:15 - Updated: 2024-11-21 05:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
References
| URL | Tags | ||
|---|---|---|---|
| report@snyk.io | https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4 | Patch, Third Party Advisory | |
| report@snyk.io | https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j | Exploit, Third Party Advisory | |
| report@snyk.io | https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249 | Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "677363FC-9D5B-4A14-ABFA-276A4721FE58",
"versionEndExcluding": "1.6.9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B3F2665A-CE12-49D1-B93E-9A4D7D701839",
"versionEndExcluding": "2.2.1",
"versionStartIncluding": "2.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
},
{
"lang": "es",
"value": "Esto afecta al paquete io.jooby:jooby-netty anterior a la versi\u00f3n 1.6.9, desde la versi\u00f3n 2.0.0 y anterior a la 2.2.1. El DefaultHttpHeaders se establece en false lo que significa que no valida que la cabecera no est\u00e1 siendo abusada para la divisi\u00f3n de la respuesta HTTP."
}
],
"id": "CVE-2020-7622",
"lastModified": "2024-11-21T05:37:29.360",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5,
"source": "report@snyk.io",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-06T15:15:12.770",
"references": [
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"source": "report@snyk.io",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
},
{
"source": "report@snyk.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
}
],
"sourceIdentifier": "report@snyk.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-15477
Vulnerability from fkie_nvd - Published: 2019-08-23 13:15 - Updated: 2024-11-21 04:28
Severity ?
Summary
Jooby before 1.6.4 has XSS via the default error handler.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/jooby-project/jooby/pull/1368 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/jooby-project/jooby/pull/1368 | Exploit, Issue Tracking, Patch, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jooby:jooby:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B236B0C3-D51D-4BD7-A819-C6ADBC38CB00",
"versionEndExcluding": "1.6.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
},
{
"lang": "es",
"value": "Jooby versiones anteriores a la 1.6.4 tiene XSS a trav\u00e9s del controlador de errores predeterminado."
}
],
"id": "CVE-2019-15477",
"lastModified": "2024-11-21T04:28:49.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-08-23T13:15:10.827",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-7647 (GCVE-0-2020-7647)
Vulnerability from cvelistv5 – Published: 2020-05-11 19:30 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby and org.jooby:jooby |
Affected:
all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby and org.jooby:jooby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T19:30:18",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby and org.jooby:jooby",
"version": {
"version_data": [
{
"version_value": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,"
},
{
"name": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7647",
"datePublished": "2020-05-11T19:30:18",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7622 (GCVE-0-2020-7622)
Vulnerability from cvelistv5 – Published: 2020-04-06 14:08 – Updated: 2024-09-16 17:03
VLAI?
Title
HTTP Response Splitting
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
Severity ?
6.5 (Medium)
CWE
- HTTP Response Splitting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby-netty |
Affected:
unspecified , < 1.6.9
(custom)
Affected: 2.0.0 , < unspecified (custom) Affected: unspecified , < 2.2.1 (custom) |
Credits
Jonathan Leitschuh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby-netty",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2021-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Response Splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:26:21",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "HTTP Response Splitting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-08-02T07:51:16.381739Z",
"ID": "CVE-2020-7622",
"STATE": "PUBLIC",
"TITLE": "HTTP Response Splitting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby-netty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.6.9"
},
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"name": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"name": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7622",
"datePublished": "2020-04-06T14:08:48.593894Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T17:03:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15477 (GCVE-0-2019-15477)
Vulnerability from cvelistv5 – Published: 2019-08-23 12:19 – Updated: 2024-08-05 00:49
VLAI?
Summary
Jooby before 1.6.4 has XSS via the default error handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T12:19:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jooby-project/jooby/pull/1368",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15477",
"datePublished": "2019-08-23T12:19:16",
"dateReserved": "2019-08-22T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7647 (GCVE-0-2020-7647)
Vulnerability from nvd – Published: 2020-05-11 19:30 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby and org.jooby:jooby |
Affected:
all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby and org.jooby:jooby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T19:30:18",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby and org.jooby:jooby",
"version": {
"version_data": [
{
"version_value": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,"
},
{
"name": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7647",
"datePublished": "2020-05-11T19:30:18",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7622 (GCVE-0-2020-7622)
Vulnerability from nvd – Published: 2020-04-06 14:08 – Updated: 2024-09-16 17:03
VLAI?
Title
HTTP Response Splitting
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
Severity ?
6.5 (Medium)
CWE
- HTTP Response Splitting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby-netty |
Affected:
unspecified , < 1.6.9
(custom)
Affected: 2.0.0 , < unspecified (custom) Affected: unspecified , < 2.2.1 (custom) |
Credits
Jonathan Leitschuh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby-netty",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2021-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Response Splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:26:21",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "HTTP Response Splitting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-08-02T07:51:16.381739Z",
"ID": "CVE-2020-7622",
"STATE": "PUBLIC",
"TITLE": "HTTP Response Splitting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby-netty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.6.9"
},
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"name": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"name": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7622",
"datePublished": "2020-04-06T14:08:48.593894Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T17:03:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15477 (GCVE-0-2019-15477)
Vulnerability from nvd – Published: 2019-08-23 12:19 – Updated: 2024-08-05 00:49
VLAI?
Summary
Jooby before 1.6.4 has XSS via the default error handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T12:19:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jooby-project/jooby/pull/1368",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15477",
"datePublished": "2019-08-23T12:19:16",
"dateReserved": "2019-08-22T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}