HTTP Response Splitting Affecting io.jooby:jooby-netty package, versions [,1.6.9) [2.0.0, 2.2.1)
Snyk CVSS
- Attack Complexity: Low

Threat Intelligence
- EPSS: 0.42% (74th percentile)
- Snyk ID SNYK-JAVA-IOJOOBY-564249
- published 2 Apr 2020
- disclosed 2 Apr 2020
- credit Jonathan Leitschuh
Introduced: 2 Apr 2020
CVE-2020-7622
How to fix?
Upgrade io.jooby:jooby-netty to version 1.6.9, 2.2.1 or higher.
Overview
io.jooby:jooby-netty is a Netty implementation in Jooby.
Affected versions of this package are vulnerable to HTTP Response Splitting. The `DefaultHttpHeaders` instance has validation set to `false`, which means it does not validate that a header isn't being abused for HTTP Response Splitting.
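
The following is an added example, not code from Snyk or the Jooby project. It contrasts the weak setting with the validating one, assuming the `false` in the advisory refers to the `validate` argument of Netty 4.1's `DefaultHttpHeaders(boolean)` constructor and that Netty is on the classpath. The class name, the helper methods and the sample value are hypothetical.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;
import java.util.Map;

public class HeaderValidationDemo {
    // Constructed sample: a request-derived value carrying an embedded CRLF.
    static final String UNTRUSTED = "en\r\nX-Injected: 1";

    /** Tries to store the value; returns false if Netty's validation rejects it. */
    static boolean accepts(HttpHeaders headers, String value) {
        try {
            headers.set("Content-Language", value);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    /** Illustrative rendering (not Netty's encoder) of entries as "name: value" lines. */
    static String asLines(HttpHeaders headers) {
        StringBuilder sb = new StringBuilder();
        for (Map.Entry<String, String> e : headers) {
            sb.append(e.getKey()).append(": ").append(e.getValue()).append("\r\n");
        }
        return sb.toString();
    }

    /** Guard for call sites that must run on an unpatched version for now. */
    static String rejectLineBreaks(String value) {
        if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF not allowed in header value");
        }
        return value;
    }

    public static void main(String[] args) {
        HttpHeaders weak = new DefaultHttpHeaders(false);   // assumed to be the setting the advisory describes
        HttpHeaders strict = new DefaultHttpHeaders(true);  // validation enabled
        System.out.println("validate=false stored value: " + accepts(weak, UNTRUSTED));
        System.out.println("lines a client would see:\n" + asLines(weak));
        System.out.println("validate=true stored value: " + accepts(strict, UNTRUSTED));
        try {
            rejectLineBreaks(UNTRUSTED);
        } catch (IllegalArgumentException e) {
            System.out.println("guard rejected value: " + e.getMessage());
        }
    }
}
```

The guard only covers call sites that use it; upgrading to 1.6.9 or 2.2.1, as stated above, remains the fix.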