Lucene search
K

4 matches found

CVE
CVE
added 2020/03/25 5:45 p.m.74 views

CVE-2020-5280

CVE-2020-5280 affects http4s prior to versions 0.18.26, 0.20.20, and 0.21.2. The local file inclusion arises from incorrect URI normalization in FileService, ResourceService, and WebjarService, allowing path segments like ../ or // to access resources outside the configured location. Patches exis...

7.6CVSS7.2AI score0.06817EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2020/03/25 5:45 p.m.30 views

CVE-2020-5280 Local file inclusion vulnerability in http4s

http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...

7.6CVSS7.2AI score0.06817EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2020/03/25 5:35 p.m.8 views

com.dbrsn:universal-health-check-http4s_2.12 (=0.0.5), com.github.agourlay:cornichon-http-mock_2.12 (>=0.12.7 <=0.16.3) +36 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.10.0-M10 <=0.18.25)

org.http4s:http4s-server2.12 MAVEN version =0.10.0-M10, =0.12.7, =0.0.3, =0.1.0-RC2, =0.5.2, =2.1.0, =2.2.0, =2.2.0, =2.2.0, =2.3.0, =2.2.0, =2.3.0, =2.2.2, =2.2.5 and more Source cves: CVE-2020-5280 Source advisory: OSV:GHSA-66Q9-F7FF-MMX6...

7.6CVSS7.1AI score0.06817EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2020/03/25 5:35 p.m.4 views

com.avast.grpc:grpc-json-bridge-http4s_2.12 (>=0.18.3 <=0.18.5), com.avast:sst-bundle-monix-http4s-blaze_2.12 (>=0.1.21 <=0.6.5) +59 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.21.0 <=0.21.19)

org.http4s:http4s-server2.12 MAVEN version =0.21.0, =0.18.3, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.6.5 - com.clovellytech:h4sm-auth2.12 =0.0.42 - com.clovellytech:h4sm-features2.12 =0.0.42 - com.clovellytech:h4sm-files2.12 =0.0.42 - com.clovellytech:h4sm-invitations2.12 =0.0.42...

7.6CVSS7.1AI score0.06817EPSS
Exploits0
Rows per page
Query Builder