3 vulnerabilities by jooby
CVE-2020-7647 (GCVE-0-2020-7647)
Vulnerability from cvelistv5 – Published: 2020-05-11 19:30 – Updated: 2024-08-04 09:33
Summary
Versions of io.jooby:jooby and org.jooby:jooby before 1.6.7, and versions from 2.0.0 (inclusive) up to but not including 2.8.2, are vulnerable to Directory Traversal via two separate vectors.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
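Assigner
snyk
References
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C | x_refsource_MISC |
| https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C | x_refsource_MISC |
| https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 | x_refsource_MISC |

The two Snyk URLs end in an encoded comma (`%2C`) in the record itself. The legacy v4 record lists the same URLs with a literal trailing comma, so this looks like a data-entry artifact rather than part of the advisory identifier.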
Impacted products
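| Vendor | Product | Version |
|---|---|---|
| n/a | io.jooby:jooby and org.jooby:jooby | Affected: all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 |

The record stores this range as a single free-text version string with no `lessThan` bound, so tooling that matches on structured version fields may not evaluate it. Compare deployed versions against the 1.6.7 and 2.8.2 bounds directly.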
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby and org.jooby:jooby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T19:30:18",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby and org.jooby:jooby",
"version": {
"version_data": [
{
"version_value": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,"
},
{
"name": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7647",
"datePublished": "2020-05-11T19:30:18",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7622 (GCVE-0-2020-7622)
Vulnerability from cvelistv5 – Published: 2020-04-06 14:08 – Updated: 2024-09-16 17:03
Title
HTTP Response Splitting
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, and from 2.0.0 up to but not including 2.2.1. DefaultHttpHeaders is created with its validation flag set to false, which means it does not validate that a header isn't being abused for HTTP Response Splitting.
Severity ?
6.5 (Medium)
CWE
- HTTP Response Splitting
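Assigner
snyk
References
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249 | x_refsource_MISC |
| https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4 | x_refsource_MISC |
| https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j | x_refsource_MISC |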
Impacted products
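| Vendor | Product | Version |
|---|---|---|
| n/a | io.jooby:jooby-netty | Affected: unspecified, < 1.6.9 (custom); Affected: 2.0.0, < unspecified (custom); Affected: unspecified, < 2.2.1 (custom) |

Read as three independent ranges (below 1.6.9, 2.0.0 and above, below 2.2.1), these entries together cover every version. The ranges the description intends are: before 1.6.9, and 2.0.0 up to but not including 2.2.1. Automated matching against the structured entries should be checked against the description.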
Credits
Jonathan Leitschuh
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby-netty",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2021-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Response Splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:26:21",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "HTTP Response Splitting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-08-02T07:51:16.381739Z",
"ID": "CVE-2020-7622",
"STATE": "PUBLIC",
"TITLE": "HTTP Response Splitting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby-netty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.6.9"
},
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"name": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"name": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7622",
"datePublished": "2020-04-06T14:08:48.593894Z",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-09-16T17:03:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15477 (GCVE-0-2019-15477)
Vulnerability from cvelistv5 – Published: 2019-08-23 12:19 – Updated: 2024-08-05 00:49
Summary
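Jooby before 1.6.4 has a cross-site scripting (XSS) vulnerability in the default error handler.
The structured product, vendor and version fields of this record are all "n/a", so the 1.6.4 bound appears only in this description. Scanners that rely on the structured affected data may not match this CVE to a Jooby dependency.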
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
mitre
References
| URL | Tags |
|---|---|
| https://github.com/jooby-project/jooby/pull/1368 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T12:19:16",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jooby-project/jooby/pull/1368",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15477",
"datePublished": "2019-08-23T12:19:16",
"dateReserved": "2019-08-22T00:00:00",
"dateUpdated": "2024-08-05T00:49:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}