Vulnerability Description
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Objectcomputing | Micronaut | < 1.2.11 |
Related Weaknesses (CWE)
References
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fePatch
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-69ExploitPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342ExploitThird Party Advisory
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fePatch
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-69ExploitPatchThird Party Advisory
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342ExploitThird Party Advisory
FAQ
What is CVE-2020-7611?
CVE-2020-7611 is a vulnerability with a CVSS score of 9.8 (CRITICAL). All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed t...
How severe is CVE-2020-7611?
CVE-2020-7611 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-7611?
Check the references section above for vendor advisories and patch information. Affected products include: Objectcomputing Micronaut.