Homepage
About Snyk

HTTP Response Splitting Affecting io.jooby:jooby-netty package, versions [,1.6.9) [2.0.0, 2.2.1)

0.0
medium

Snyk CVSS

    Attack Complexity Low

    Threat Intelligence

    EPSS 0.42% (74th percentile)
Expand this section
NVD
9.8 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JAVA-IOJOOBY-564249
  • published 2 Apr 2020
  • disclosed 2 Apr 2020
  • credit Jonathan Leitschuh
Report a new vulnerability Found a mistake?

Introduced: 2 Apr 2020

CVE-2020-7622 Open this link in a new tab
CWE-113 Open this link in a new tab
First added by Snyk

How to fix?

Upgrade io.jooby:jooby-netty to version 1.6.9, 2.2.1 or higher.

Overview

io.jooby:jooby-netty is a netty implementation in jooby

Affected versions of this package are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.