3 matches found
org.jooby:coverage-report (>=0.5.0 <=1.1.2), org.jooby:jooby-akka (>=1.0.0 <=1.6.3) +101 more potentially affected by CVE-2019-15477 via org.jooby:jooby (>=0.1.0 <=1.6.3)
org.jooby:jooby MAVEN version =0.1.0, =0.5.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.6.3 and more Source cves: CVE-2019-15477 Source advisory: OSV:GHSA-F5F4-M7QP-W6GC...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2019-15477
This CVE refers to Jooby, a modular Java/Kotlin web framework. The affected component is the framework’s default error handler, where a Cross-Site Scripting (XSS) vulnerability exists in Jooby versions prior to 1.6.4. The underlying issue is that user-controlled data could be reflected via error ...