GHSA-35fr-h7jr-hh86
Suggest an improvement- Source
- https://github.com/advisories/GHSA-35fr-h7jr-hh86
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/12/GHSA-35fr-h7jr-hh86/GHSA-35fr-h7jr-hh86.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-35fr-h7jr-hh86
- Aliases
- Published
- 2019-12-06T18:55:47Z
- Modified
- 2024-12-02T05:41:27.733809Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS Calculator
- Summary
- Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
- Details
-
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response.
Impact
- Cross-User Defacement
- Cache Poisoning
- Cross-Site Scripting (XSS)
- Page Hijacking
Root Cause
The root cause is due to the usage of Netty without the HTTP header validation.
https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/common/DefaultHttpHeaders.java#L23
Patches
This vulnerability has been patched in 0.97.0.
References
CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j
For more information
If you have any questions or comments about this advisory: * Open an issue in GitHub
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-113", "CWE-74" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-04-27T18:03:07Z" }- References
Affected packages
Maven / com.linecorp.armeria:armeria
Package
- Name
- com.linecorp.armeria:armeria
- View open source insights on deps.dev
- Purl
- pkg:maven/com.linecorp.armeria/armeria