CVE-2020-7647
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-7647
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7647.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-7647
- Aliases
- Related
- Published
- 2020-05-11T20:15:12.463Z
- Modified
- 2025-11-20T11:28:30.812602Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
- References
Affected packages
Git / github.com/jooby-project/jooby
Affected ranges
- Type
- GIT
- Repo
- https://github.com/jooby-project/jooby
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.1.0
v0.10.0
v0.11.0
v0.11.1
v0.11.2
v0.14.0
v0.15.0
v0.15.1
v0.16.0
v0.2.0
v0.2.1
v0.3.0
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.1
v0.5.3
v0.6.0
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.8.0
v0.8.2
v0.9.0
v0.9.1
v0.9.2
v1.*
v1.0.0
v1.0.0.CR1
v1.0.0.CR2
v1.0.0.CR3
v1.0.0.CR4
v1.0.0.CR5
v1.0.0.CR6
v1.0.0.CR7
v1.0.0.CR8
v1.0.1
v1.0.2
v1.0.3
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7647.json"
vanir_signatures
[
{
"target": {
"file": "jooby/src/main/java/org/jooby/Jooby.java"
},
"id": "CVE-2020-7647-2cce24e8",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"line_hashes": [
"212552517428712157371467294294585534240",
"147093936128643861626990937998929825099",
"161455699441314924120019767760285523768",
"225399757400529951307103118832631518208"
],
"threshold": 0.9
}
},
{
"target": {
"file": "jooby/src/test/java/org/jooby/handlers/AssetHandlerTest.java"
},
"id": "CVE-2020-7647-30c3acbe",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"line_hashes": [
"161619109476583297538546584396719559462",
"220039322242277197365860230397327887748",
"23197574679396418500192664508841220059",
"65751704212995262998810260667210623569",
"264603164129503081438426995548196204090",
"329663273969106577944675263073166033549",
"271367844159015131077658879843940319519",
"162455263896057661585712066696501288338",
"64436418796746477026928314336012688988",
"272045558569696631772089029432072281995",
"121739595361313449345920558893233621020",
"26395294751276038574201073044052649795",
"229041600862413423664493720794080674357",
"148836473539862667371261588267637031920",
"306300835907094780300756537667847270203",
"161681231023083642698991046532814073966",
"154801049179100275768052150209375399419",
"13337740928175159383871802720892469121",
"199488054425381468054538460581216835579",
"272542966393869661927810074844494860565",
"50042127032734271336388324578295823012",
"115654318111499550427623890756851905634",
"276408233463882900729839658855231389318",
"308339223633298911252630915387257889266",
"180437011347013350230916310624629527575",
"28895953695910666067238604729251102470",
"218737858211990339887217685854071993855",
"15296571052605611714687845280881085534",
"316720368426529447815056177202755578995",
"278236535212490069415049092537919085430",
"101427733571512144937033309081206587525",
"147285870288971744045186813021497054603",
"40670676738936615326054506128610124224",
"333515045724905617093214801044397208582",
"210082053890601755083962114675563577996",
"232646768052481782671538411414671815158",
"191544610789149892934615371126359611954",
"83539619261385748655790012120573156009",
"227727047672855215105371381322717471285",
"314858372333437310684698453091410413951",
"302678399828485981790394170664615192978",
"69439438098781601605909005642564275576",
"289988596854226553567450107391494496419",
"111594317736714586322150672087582886657",
"329546962189922269897845170613506560139",
"101427733571512144937033309081206587525",
"147285870288971744045186813021497054603",
"40670676738936615326054506128610124224",
"333515045724905617093214801044397208582"
],
"threshold": 0.9
}
},
{
"target": {
"function": "loader",
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-3fbc3f0f",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "75241057967001708543721281957661057318",
"length": 389.0
}
},
{
"target": {
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-4090357a",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"line_hashes": [
"284322350492569361203734506765649291170",
"136827093381037059458616376707787565962",
"264303008917597091803557587115075696055",
"60391094099022606629608330065167045945",
"61801825286571956707359707498359713253",
"33526670066593473929596474822226528361",
"205403165638214790779260225634952758325",
"193489442842971561582292454855587077646",
"20442799290840717143268826577120657286",
"93986543121478937779861963432483137076",
"305291025028798569154029860022920087669",
"285335777361558924081872405524180021298",
"78342945295682891454935020018671613060",
"223419838728779314055983705709925705980",
"324551429510142990401124741168193164829",
"278320749890395878115291678375008741950",
"205183241704002128945135423206533714404",
"59052504140460411738338378794719648349",
"289065534069548466962947460895581151534",
"183611433890964603668251361930555441292",
"311308161950726684996214519692419857381",
"187298452861405541684825886488057519378",
"279281705128073278619715575461867803478",
"305395475114309386361540186419582807776",
"74012423974450463777487136179838645657",
"159171285040264884613342277930255316955",
"77660057087804913031363862899427491295",
"788229357149381105200211785686573652",
"179480269685709459926430911818804209249",
"126876795071536668615007228950638352250",
"50427289188281236132518963613984548263",
"214550049168712985641314749541024311605",
"247634509453895134292997914189489175492",
"255148454907132289276295066772800706345",
"148382419024157856204569456260564274626",
"288005860740605738608869021571912389044",
"619578806602993429146164857448611813",
"278896089546321282352813780308131577181",
"92068565714551165840960895930518440685",
"5725240016021211540320050202163470958",
"204660894949651229210459101273848472453",
"154483012249047875615819488984073941922",
"169143056989761286289151985313700935246",
"203194016462557195739070119297283820310",
"82828110035805884975016328122102661148"
],
"threshold": 0.9
}
},
{
"target": {
"file": "jooby/src/main/java/org/jooby/Route.java"
},
"id": "CVE-2020-7647-501d60fa",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"line_hashes": [
"52148661555948863435409834028586203781",
"184588606516991175512448254941564428088",
"263012345203460402638656135733543809824",
"169156186728749097061692794176810427175"
],
"threshold": 0.9
}
},
{
"target": {
"function": "AssetHandler",
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-63b39f70",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "254581573106088760683469565324234339652",
"length": 94.0
}
},
{
"target": {
"file": "modules/jooby-assets/src/main/java/org/jooby/assets/Assets.java"
},
"id": "CVE-2020-7647-81a91246",
"deprecated": false,
"signature_type": "Line",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"line_hashes": [
"331662337386970174962454510193855227212",
"134031160254590619306537787746623124145",
"169123550308704033040542670929144006853",
"106566741536656472393723582151532260825"
],
"threshold": 0.9
}
},
{
"target": {
"function": "shouldCallParentOnMissing",
"file": "jooby/src/test/java/org/jooby/handlers/AssetHandlerTest.java"
},
"id": "CVE-2020-7647-8d26ad11",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "196924709567893721070102555563098996456",
"length": 519.0
}
},
{
"target": {
"function": "AssetHandler",
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-a7a9a41e",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "131057297732683348926529263260131709388",
"length": 138.0
}
},
{
"target": {
"function": "ignoreMalformedURL",
"file": "jooby/src/test/java/org/jooby/handlers/AssetHandlerTest.java"
},
"id": "CVE-2020-7647-c0829416",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "218380327951740662995268275220733732761",
"length": 669.0
}
},
{
"target": {
"function": "AssetDefinition",
"file": "jooby/src/main/java/org/jooby/Route.java"
},
"id": "CVE-2020-7647-dfeb46d1",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "221043030479498978702136822320930078165",
"length": 130.0
}
},
{
"target": {
"function": "customClassloader",
"file": "jooby/src/test/java/org/jooby/handlers/AssetHandlerTest.java"
},
"id": "CVE-2020-7647-ed73fd86",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "27204629277782650604377669985330048389",
"length": 365.0
}
},
{
"target": {
"function": "init",
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-efdb4000",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "253752291365241395640510288289306821889",
"length": 363.0
}
},
{
"target": {
"function": "AssetHandler",
"file": "jooby/src/main/java/org/jooby/handlers/AssetHandler.java"
},
"id": "CVE-2020-7647-f693b473",
"deprecated": false,
"signature_type": "Function",
"source": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"signature_version": "v1",
"digest": {
"function_hash": "292608528522259998917157987719629665065",
"length": 136.0
}
}
]