Vulnerability Description
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false, which means it does not validate that the header isn't being abused for HTTP Response Splitting.
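The effect of that setting, as an added example that is not Jooby's code: it assumes the `false` in the description is the `validate` argument of Netty's `DefaultHttpHeaders` constructor and that netty-codec-http 4.1 is on the classpath. The class name, the `accepts` and `setChecked` helpers and the sample values are hypothetical.

```java
import io.netty.handler.codec.http.DefaultHttpHeaders;
import io.netty.handler.codec.http.HttpHeaders;

public class HeaderValidationDemo {

    // Returns true if Netty stored the header, false if it rejected the value.
    static boolean accepts(HttpHeaders headers, String name, String value) {
        try {
            headers.set(name, value);
            return true;
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    // Application-level guard (hypothetical helper): refuse CR/LF before the
    // value ever reaches the header container, whatever its validate flag is.
    static void setChecked(HttpHeaders headers, String name, String value) {
        if (value.indexOf('\r') >= 0 || value.indexOf('\n') >= 0) {
            throw new IllegalArgumentException("CR/LF not allowed in header " + name);
        }
        headers.set(name, value);
    }

    public static void main(String[] args) {
        // Constructed sample: a redirect target taken from request input that
        // carries a CRLF sequence followed by a second header line.
        String tainted = "/home\r\nSet-Cookie: session=constructed";
        String clean = "/home";

        HttpHeaders unvalidated = new DefaultHttpHeaders(false); // weak setting
        HttpHeaders validated = new DefaultHttpHeaders(true);    // corrected setting

        System.out.println("validate=false, clean:   " + accepts(unvalidated, "Location", clean));
        System.out.println("validate=false, tainted: " + accepts(unvalidated, "Location", tainted));
        System.out.println("validate=true,  clean:   " + accepts(validated, "Location", clean));
        System.out.println("validate=true,  tainted: " + accepts(validated, "Location", tainted));

        try {
            setChecked(unvalidated, "Location", tainted);
        } catch (IllegalArgumentException e) {
            System.out.println("guard rejected: " + e.getMessage());
        }
    }
}
```

With validation off the container stores the CRLF-bearing value unchanged, so the only remaining barrier is whatever checks the application applies itself.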
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Jooby | Jooby | < 1.6.9 |
References
- https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8 (Patch, Third Party Advisory)
- https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249 (Patch, Third Party Advisory)
FAQ
What is CVE-2020-7622?
CVE-2020-7622 is a vulnerability with a CVSS score of 6.5 (MEDIUM). This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false, which means it does not validate that the header isn't being abused for...
How severe is CVE-2020-7622?
CVE-2020-7622 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7622?
Check the references section above for vendor advisories and patch information. Affected products include: Jooby Jooby.