Vulnerability-Lookup

CVE-2020-7611 (GCVE-0-2020-7611)

Vulnerability from cvelistv5 – Published: 2020-03-30 21:53 – Updated: 2024-08-04 09:33

Summary

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.

Severity

No CVSS data available.

CWE

HTTP Request Header Injection

Assigner

snyk

References

3 references

URL	Tags
https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342	x_refsource_MISC
https://github.com/micronaut-projects/micronaut-c…	x_refsource_MISC
https://github.com/micronaut-projects/micronaut-c…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
n/a	io.micronaut:micronaut-http-client	Affected: all versions before 1.2.11 Affected: all versions from 1.3.0 before 1.3.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:33:19.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "io.micronaut:micronaut-http-client",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "all versions before 1.2.11"
            },
            {
              "status": "affected",
              "version": "all versions from 1.3.0 before 1.3.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "HTTP Request Header Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-30T21:53:05.000Z",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2020-7611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "io.micronaut:micronaut-http-client",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "all versions before 1.2.11"
                          },
                          {
                            "version_value": "all versions from 1.3.0 before 1.3.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "HTTP Request Header Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
            },
            {
              "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm",
              "refsource": "MISC",
              "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
            },
            {
              "name": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1",
              "refsource": "MISC",
              "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2020-7611",
    "datePublished": "2020-03-30T21:53:05.000Z",
    "dateReserved": "2020-01-21T00:00:00.000Z",
    "dateUpdated": "2024-08-04T09:33:19.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-7611",
      "date": "2026-05-27",
      "epss": "0.005",
      "percentile": "0.66174"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.2.11\", \"matchCriteriaId\": \"1656466B-C668-4299-A9DB-0BEECB5E411E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.3.0\", \"versionEndExcluding\": \"1.3.2\", \"matchCriteriaId\": \"EE50BE0B-0114-430D-B00D-E5BD503BFD96\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.\"}, {\"lang\": \"es\", \"value\": \"Todas las versiones de io.micronaut:micronaut-http-client versiones anteriores a 1.2.11 y todas las versiones desde 1.3.0 anteriores a 1.3.2, son vulnerables a una Inyecci\\u00f3n de Encabezado de Petici\\u00f3n HTTP, debido a que no comprueban los encabezados de petici\\u00f3n pasados hacia el cliente.\"}]",
      "id": "CVE-2020-7611",
      "lastModified": "2024-11-21T05:37:28.277",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-03-30T22:15:15.603",
      "references": "[{\"url\": \"https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1\", \"source\": \"report@snyk.io\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342\", \"source\": \"report@snyk.io\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "report@snyk.io",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-444\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-7611\",\"sourceIdentifier\":\"report@snyk.io\",\"published\":\"2020-03-30T22:15:15.603\",\"lastModified\":\"2024-11-21T05:37:28.277\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.\"},{\"lang\":\"es\",\"value\":\"Todas las versiones de io.micronaut:micronaut-http-client versiones anteriores a 1.2.11 y todas las versiones desde 1.3.0 anteriores a 1.3.2, son vulnerables a una Inyecci\u00f3n de Encabezado de Petici\u00f3n HTTP, debido a que no comprueban los encabezados de petici\u00f3n pasados hacia el cliente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-444\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.2.11\",\"matchCriteriaId\":\"1656466B-C668-4299-A9DB-0BEECB5E411E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.3.0\",\"versionEndExcluding\":\"1.3.2\",\"matchCriteriaId\":\"EE50BE0B-0114-430D-B00D-E5BD503BFD96\"}]}]}],\"references\":[{\"url\":\"https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1\",\"source\":\"report@snyk.io\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342\",\"source\":\"report@snyk.io\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}

CNVD-2020-37908

Vulnerability from cnvd - Published: 2020-07-09

Title

io.micronaut:micronaut-http-client环境问题漏洞

Description

Object Computing micronaut是美国Object Computing公司的一款基于JVM的全栈框架，它主要用于构建模块化微服务和无服务器应用程序。io.micronaut：micronaut-http-client是其中的一个HTTP客户端。 io.micronaut：micronaut-http-client 1.2.11之前版本和1.3.1版本中存在环境问题漏洞。该漏洞源于网络系统或产品的环境因素不合理。目前没有详细的漏洞细节提供。

Severity

高

Patch Name

io.micronaut:micronaut-http-client环境问题漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： https://objectcomputing.com/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-7611

Impacted products

Name
['Object Computing io.micronaut：micronaut-http-client 1.2.11', 'Object Computing io.micronaut：micronaut-http-client 1.3.1']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-7611"
    }
  },
  "description": "Object Computing micronaut\u662f\u7f8e\u56fdObject Computing\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eJVM\u7684\u5168\u6808\u6846\u67b6\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u6784\u5efa\u6a21\u5757\u5316\u5fae\u670d\u52a1\u548c\u65e0\u670d\u52a1\u5668\u5e94\u7528\u7a0b\u5e8f\u3002io.micronaut\uff1amicronaut-http-client\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u5ba2\u6237\u7aef\u3002\n\nio.micronaut\uff1amicronaut-http-client 1.2.11\u4e4b\u524d\u7248\u672c\u548c1.3.1\u7248\u672c\u4e2d\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u73af\u5883\u56e0\u7d20\u4e0d\u5408\u7406\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://objectcomputing.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-37908",
  "openTime": "2020-07-09",
  "patchDescription": "Object Computing micronaut\u662f\u7f8e\u56fdObject Computing\u516c\u53f8\u7684\u4e00\u6b3e\u57fa\u4e8eJVM\u7684\u5168\u6808\u6846\u67b6\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u6784\u5efa\u6a21\u5757\u5316\u5fae\u670d\u52a1\u548c\u65e0\u670d\u52a1\u5668\u5e94\u7528\u7a0b\u5e8f\u3002io.micronaut\uff1amicronaut-http-client\u662f\u5176\u4e2d\u7684\u4e00\u4e2aHTTP\u5ba2\u6237\u7aef\u3002\r\n\r\nio.micronaut\uff1amicronaut-http-client 1.2.11\u4e4b\u524d\u7248\u672c\u548c1.3.1\u7248\u672c\u4e2d\u5b58\u5728\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u7684\u73af\u5883\u56e0\u7d20\u4e0d\u5408\u7406\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "io.micronaut:micronaut-http-client\u73af\u5883\u95ee\u9898\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Object Computing io.micronaut\uff1amicronaut-http-client 1.2.11",
      "Object Computing io.micronaut\uff1amicronaut-http-client 1.3.1"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-7611",
  "serverity": "\u9ad8",
  "submitTime": "2020-03-31",
  "title": "io.micronaut:micronaut-http-client\u73af\u5883\u95ee\u9898\u6f0f\u6d1e"
}

FKIE_CVE-2020-7611

Vulnerability from fkie_nvd - Published: 2020-03-30 22:15 - Updated: 2024-11-21 05:37

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
report@snyk.io	https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1	Patch
report@snyk.io	https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm	Exploit, Patch, Third Party Advisory
report@snyk.io	https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342	Exploit, Third Party Advisory

Impacted products

	Vendor	Product	Version
	objectcomputing	micronaut	*
	objectcomputing	micronaut	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1656466B-C668-4299-A9DB-0BEECB5E411E",
              "versionEndExcluding": "1.2.11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE50BE0B-0114-430D-B00D-E5BD503BFD96",
              "versionEndExcluding": "1.3.2",
              "versionStartIncluding": "1.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client."
    },
    {
      "lang": "es",
      "value": "Todas las versiones de io.micronaut:micronaut-http-client versiones anteriores a 1.2.11 y todas las versiones desde 1.3.0 anteriores a 1.3.2, son vulnerables a una Inyecci\u00f3n de Encabezado de Petici\u00f3n HTTP, debido a que no comprueban los encabezados de petici\u00f3n pasados hacia el cliente."
    }
  ],
  "id": "CVE-2020-7611",
  "lastModified": "2024-11-21T05:37:28.277",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-30T22:15:15.603",
  "references": [
    {
      "source": "report@snyk.io",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
    },
    {
      "source": "report@snyk.io",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
    }
  ],
  "sourceIdentifier": "report@snyk.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-694P-XRHG-X3WM

Vulnerability from github – Published: 2020-03-30 20:54 – Updated: 2023-11-06 11:08

Summary

Micronaut's HTTP client is vulnerable to HTTP Request Header Injection

Details

Vulnerability

Micronaut's HTTP client is vulnerable to "HTTP Request Header Injection" due to not validating request headers passed to the client.

Example of vulnerable code:

@Controller("/hello")
public class HelloController {

    @Inject
    @Client("/")
    RxHttpClient client;

    @Get("/external-exploit")
    @Produces(MediaType.TEXT_PLAIN)
    public String externalExploit(@QueryValue("header-value") String headerValue) {
        return client.toBlocking().retrieve(
            HttpRequest.GET("/hello")
                .header("Test", headerValue)
        );
    }
}

In the above case a query value received from a user is passed as a header value to the client. Since the client doesn't validate the header value the request headers and body have the potential to be manipulated.

For example, a user that supplies the following payload, can force the client to make multiple attacker-controlled HTTP requests.

List<String> headerData = List.of(
    "Connection: Keep-Alive", // This keeps the connection open so another request can be stuffed in.
    "",
    "",
    "POST /hello/super-secret HTTP/1.1",
    "Host: 127.0.0.1",
    "Content-Length: 31",
    "",
    "{\"new\":\"json\",\"content\":\"here\"}",
    "",
    ""
);
String headerValue = "H\r\n" + String.join("\r\n", headerData);;
URI theURI =
    UriBuilder
        .of("/hello/external-exploit")
        .queryParam("header-value", headerValue) // Automatically URL encodes data
        .build();
HttpRequest<String> request = HttpRequest.GET(theURI);
String body = client.toBlocking().retrieve(request);

Note that using @HeaderValue instead of @QueryValue is not vulnerable since Micronaut's HTTP server does validate the headers passed to the server, so the exploit can only be triggered by using user data that is not an HTTP header (query values, form data etc.).

Impact

The attacker is able to control the entirety of the HTTP body for their custom requests. As such, this vulnerability enables attackers to perform a variant of Server Side Request Forgery.

Patches

The problem has been patched in the micronaut-http-client versions 1.2.11 and 1.3.2 and above.

Workarounds

Do not pass user data directly received from HTTP request parameters as headers in the HTTP client.

References

Fix commits - https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1 - https://github.com/micronaut-projects/micronaut-core/commit/6deb60b75517f80c57b42d935f07955c773b766d - https://github.com/micronaut-projects/micronaut-core/commit/bc855e439c4a5ced3d83195bb59d0679cbd95add

For more information

If you have any questions or comments about this advisory:

Open an issue in micronaut-core
Email us at info@micronaut.io

Credit

Originally reported by @JLLeitschuh

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-http-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.11"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "io.micronaut:micronaut-http-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.3.0"
            },
            {
              "fixed": "1.3.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-7611"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-444"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-03-30T20:54:42Z",
    "nvd_published_at": null,
    "severity": "CRITICAL"
  },
  "details": "### Vulnerability\n\nMicronaut\u0027s HTTP client is vulnerable to \"HTTP Request Header Injection\" due to not validating request headers passed to the client.\n\nExample of vulnerable code:\n\n```java\n@Controller(\"/hello\")\npublic class HelloController {\n\n    @Inject\n    @Client(\"/\")\n    RxHttpClient client;\n\n    @Get(\"/external-exploit\")\n    @Produces(MediaType.TEXT_PLAIN)\n    public String externalExploit(@QueryValue(\"header-value\") String headerValue) {\n        return client.toBlocking().retrieve(\n            HttpRequest.GET(\"/hello\")\n                .header(\"Test\", headerValue)\n        );\n    }\n}\n```\n\nIn the above case a query value received from a user is passed as a header value to the client. Since the client doesn\u0027t validate the header value the request headers and body have the potential to be manipulated.\n\nFor example, a user that supplies the following payload, can force the client to make multiple attacker-controlled HTTP requests.\n\n```java\nList\u003cString\u003e headerData = List.of(\n    \"Connection: Keep-Alive\", // This keeps the connection open so another request can be stuffed in.\n    \"\",\n    \"\",\n    \"POST /hello/super-secret HTTP/1.1\",\n    \"Host: 127.0.0.1\",\n    \"Content-Length: 31\",\n    \"\",\n    \"{\\\"new\\\":\\\"json\\\",\\\"content\\\":\\\"here\\\"}\",\n    \"\",\n    \"\"\n);\nString headerValue = \"H\\r\\n\" + String.join(\"\\r\\n\", headerData);;\nURI theURI =\n    UriBuilder\n        .of(\"/hello/external-exploit\")\n        .queryParam(\"header-value\", headerValue) // Automatically URL encodes data\n        .build();\nHttpRequest\u003cString\u003e request = HttpRequest.GET(theURI);\nString body = client.toBlocking().retrieve(request);\n```\n\nNote that using `@HeaderValue` instead of `@QueryValue` is not vulnerable since Micronaut\u0027s HTTP server does validate the headers passed to the server, so the exploit can only be triggered by using user data that is not an HTTP header (query values, form data etc.).\n\n### Impact\n\nThe attacker is able to control the entirety of the HTTP body for their custom requests.\nAs such, this vulnerability enables attackers to perform a variant of [Server Side Request Forgery](https://cwe.mitre.org/data/definitions/918.html).\n\n### Patches\n\nThe problem has been patched in the `micronaut-http-client` versions 1.2.11 and 1.3.2 and above.\n\n### Workarounds\n\nDo not pass user data directly received from HTTP request parameters as headers in the HTTP client.\n\n### References\n\nFix commits\n- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1\n- https://github.com/micronaut-projects/micronaut-core/commit/6deb60b75517f80c57b42d935f07955c773b766d\n- https://github.com/micronaut-projects/micronaut-core/commit/bc855e439c4a5ced3d83195bb59d0679cbd95add\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [micronaut-core](https://github.com/micronaut-projects/micronaut-core)\n* Email us at [info@micronaut.io](mailto:info@micronaut.io)\n\n### Credit\n\nOriginally reported by @JLLeitschuh \n",
  "id": "GHSA-694p-xrhg-x3wm",
  "modified": "2023-11-06T11:08:02Z",
  "published": "2020-03-30T20:54:55Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-7611"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/6deb60b75517f80c57b42d935f07955c773b766d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/micronaut-projects/micronaut-core/commit/bc855e439c4a5ced3d83195bb59d0679cbd95add"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/micronaut-projects/micronaut-core"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Micronaut\u0027s HTTP client is vulnerable to HTTP Request Header Injection"
}

GSD-2020-7611

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-7611

Aliases

CVE-2020-7611

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-7611",
    "description": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.",
    "id": "GSD-2020-7611"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-7611"
      ],
      "details": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.",
      "id": "GSD-2020-7611",
      "modified": "2023-12-13T01:21:52.267916Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "report@snyk.io",
        "ID": "CVE-2020-7611",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "io.micronaut:micronaut-http-client",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "all versions before 1.2.11"
                        },
                        {
                          "version_value": "all versions from 1.3.0 before 1.3.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "HTTP Request Header Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342",
            "refsource": "MISC",
            "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
          },
          {
            "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm",
            "refsource": "MISC",
            "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
          },
          {
            "name": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1",
            "refsource": "MISC",
            "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.2.11),[1.3.0,1.3.2)",
          "affected_versions": "All versions before 1.2.11, all versions starting from 1.3.0 before 1.3.2",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-444",
            "CWE-937"
          ],
          "date": "2020-04-02",
          "description": "The Micronaut HTTP client is vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.",
          "fixed_versions": [
            "1.2.11",
            "1.3.2"
          ],
          "identifier": "CVE-2020-7611",
          "identifiers": [
            "CVE-2020-7611",
            "GHSA-694p-xrhg-x3wm"
          ],
          "not_impacted": "All versions starting from 1.2.11 before 1.3.0, all versions starting from 1.3.2",
          "package_slug": "maven/io.micronaut/micronaut-http-client",
          "pubdate": "2020-03-30",
          "solution": "Upgrade to versions 1.2.11, 1.3.2 or above.",
          "title": "Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2020-7611"
          ],
          "uuid": "c351a03c-5ece-420a-bbe5-c28b2b237514"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.11",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:objectcomputing:micronaut:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.3.2",
                "versionStartIncluding": "1.3.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "ID": "CVE-2020-7611"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-444"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm"
            },
            {
              "name": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342"
            },
            {
              "name": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-04-02T14:37Z",
      "publishedDate": "2020-03-30T22:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-7611 (GCVE-0-2020-7611)

CNVD-2020-37908

FKIE_CVE-2020-7611

GHSA-694P-XRHG-X3WM

Vulnerability

Impact

Patches

Workarounds

References

For more information

Credit

GSD-2020-7611

Tags

Sightings

Nomenclature