Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
3 vulnerabilities by jooby
CVE-2020-7647 (GCVE-0-2020-7647)
Vulnerability from cvelistv5 – Published: 2020-05-11 19:30 – Updated: 2024-08-04 09:33
VLAI?
Summary
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
Severity ?
No CVSS data available.
CWE
- Directory Traversal
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby and org.jooby:jooby |
Affected:
all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.945Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby and org.jooby:jooby",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-11T19:30:18.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807%2C"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby and org.jooby:jooby",
"version": {
"version_data": [
{
"version_value": "all versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-568806,"
},
{
"name": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-ORGJOOBY-568807,"
},
{
"name": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7647",
"datePublished": "2020-05-11T19:30:18.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:19.945Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7622 (GCVE-0-2020-7622)
Vulnerability from cvelistv5 – Published: 2020-04-06 14:08 – Updated: 2024-09-16 17:03
VLAI?
Title
HTTP Response Splitting
Summary
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
Severity ?
6.5 (Medium)
CWE
- HTTP Response Splitting
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | io.jooby:jooby-netty |
Affected:
unspecified , < 1.6.9
(custom)
Affected: 2.0.0 , < unspecified (custom) Affected: unspecified , < 2.2.1 (custom) |
Date Public ?
2021-08-02 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:19.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "io.jooby:jooby-netty",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.6.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
},
{
"lessThan": "unspecified",
"status": "affected",
"version": "2.0.0",
"versionType": "custom"
},
{
"lessThan": "2.2.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Jonathan Leitschuh"
}
],
"datePublic": "2021-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "HTTP Response Splitting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-02T10:26:21.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
],
"title": "HTTP Response Splitting",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"DATE_PUBLIC": "2021-08-02T07:51:16.381739Z",
"ID": "CVE-2020-7622",
"STATE": "PUBLIC",
"TITLE": "HTTP Response Splitting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "io.jooby:jooby-netty",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "1.6.9"
},
{
"version_affected": "\u003e=",
"version_value": "2.0.0"
},
{
"version_affected": "\u003c",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Jonathan Leitschuh"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn\u0027t being abused for HTTP Response Splitting."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HTTP Response Splitting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249"
},
{
"name": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4"
},
{
"name": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7622",
"datePublished": "2020-04-06T14:08:48.593Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-09-16T17:03:41.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15477 (GCVE-0-2019-15477)
Vulnerability from cvelistv5 – Published: 2019-08-23 12:19 – Updated: 2024-08-05 00:49
VLAI?
Summary
Jooby before 1.6.4 has XSS via the default error handler.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:49:13.342Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-08-23T12:19:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-15477",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jooby before 1.6.4 has XSS via the default error handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jooby-project/jooby/pull/1368",
"refsource": "MISC",
"url": "https://github.com/jooby-project/jooby/pull/1368"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-15477",
"datePublished": "2019-08-23T12:19:16.000Z",
"dateReserved": "2019-08-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:49:13.342Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}