CVE-2020-7622

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7622

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-7622.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-7622

Aliases

GHSA-gv3v-92v6-m48j

Related

GHSA-gv3v-92v6-m48j
SNYK-JAVA-IOJOOBY-564249

Published

2020-04-06T15:15:12Z

Modified

2025-10-15T12:22:53.285273Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.

References

Affected packages

Git / github.com/jooby-project/jooby

Affected ranges

Type: GIT
Repo: https://github.com/jooby-project/jooby
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b66e3342cf95205324023cfdf2cb5811e8a6dcf4

Affected versions

v0.*

v0.1.0

v0.10.0

v0.11.0

v0.11.1

v0.11.2

v0.14.0

v0.15.0

v0.15.1

v0.16.0

v0.2.0

v0.2.1

v0.3.0

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.1

v0.5.3

v0.6.0

v0.6.1

v0.6.2

v0.6.3

v0.6.4

v0.8.0

v0.8.2

v0.9.0

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.0.0.CR1

v1.0.0.CR2

v1.0.0.CR3

v1.0.0.CR4

v1.0.0.CR5

v1.0.0.CR6

v1.0.0.CR7

v1.0.0.CR8

v1.0.1

v1.0.2

v1.0.3

v1.1.0

v1.1.1

v1.1.2

v1.1.3

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.3.0

v1.4.0

v1.4.1

v1.5.0

v2.*

v2.0.0

v2.0.0.M1

v2.0.0.M2

v2.0.0.M3

v2.0.0.RC1

v2.0.0.RC2

v2.0.0.RC3

v2.0.1

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.1.0

Database specific

vanir_signatures

[
    {
        "digest": {
            "line_hashes": [
                "167345421666657860427751115286855856640",
                "98861883001289007481740951409216580623",
                "263964561421323040037916083311620652220",
                "222447488414536693641406874608061879292"
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "modules/jooby-netty/src/main/java/io/jooby/internal/netty/NettyContext.java"
        },
        "signature_type": "Line",
        "id": "CVE-2020-7622-b03c8724",
        "signature_version": "v1",
        "deprecated": false,
        "source": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
    }
]