CVE-2020-7622

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7622
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7622.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7622
Aliases
Published
2020-04-06T15:15:12Z
Modified
2024-05-30T02:42:39.114727Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.

References

Affected packages

Git / github.com/jooby-project/jooby

Affected ranges

Type
GIT
Repo
https://github.com/jooby-project/jooby
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.0
v0.10.0
v0.11.0
v0.11.1
v0.11.2
v0.14.0
v0.15.0
v0.15.1
v0.16.0
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.3
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.8.0
v0.8.2
v0.9.0
v0.9.1
v0.9.2

v1.*

v1.0.0
v1.0.0.CR1
v1.0.0.CR2
v1.0.0.CR3
v1.0.0.CR4
v1.0.0.CR5
v1.0.0.CR6
v1.0.0.CR7
v1.0.0.CR8
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1
v1.5.0

v2.*

v2.0.0
v2.0.0.M1
v2.0.0.M2
v2.0.0.M3
v2.0.0.RC1
v2.0.0.RC2
v2.0.0.RC3
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.1.0