2 matches found
EAP: field-name is not parsed in accordance to RFC7230
A flaw was discovered in JBoss EAP, where it does not process the header field-name in accordance with RFC7230. Whitespace between the header field-name and colon is processed, resulting in an HTTP response code of 200 instead of a bad request of 400...
GHSA-66Q9-F7FF-MMX6 Local file inclusion vulnerability in http4s
Impact This vulnerability applies to all users of: org.http4s.server.staticcontent.FileService org.http4s.server.staticcontent.ResourceService org.http4s.server.staticcontent.WebjarService Path escaping URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expos...