4 matches found
CVE-2020-5280
CVE-2020-5280 affects http4s prior to versions 0.18.26, 0.20.20, and 0.21.2. The local file inclusion arises from incorrect URI normalization in FileService, ResourceService, and WebjarService, allowing path segments like ../ or // to access resources outside the configured location. Patches exis...
CVE-2020-5280 Local file inclusion vulnerability in http4s
http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file inclusion vulnerability. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalizatio...
com.dbrsn:universal-health-check-http4s_2.12 (=0.0.5), com.github.agourlay:cornichon-http-mock_2.12 (>=0.12.7 <=0.16.3) +36 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.10.0-M10 <=0.18.25)
org.http4s:http4s-server2.12 MAVEN version =0.10.0-M10, =0.12.7, =0.0.3, =0.1.0-RC2, =0.5.2, =2.1.0, =2.2.0, =2.2.0, =2.2.0, =2.3.0, =2.2.0, =2.3.0, =2.2.2, =2.2.5 and more Source cves: CVE-2020-5280 Source advisory: OSV:GHSA-66Q9-F7FF-MMX6...
com.avast.grpc:grpc-json-bridge-http4s_2.12 (>=0.18.3 <=0.18.5), com.avast:sst-bundle-monix-http4s-blaze_2.12 (>=0.1.21 <=0.6.5) +59 more potentially affected by CVE-2020-5280 via org.http4s:http4s-server_2.12 (>=0.21.0 <=0.21.19)
org.http4s:http4s-server2.12 MAVEN version =0.21.0, =0.18.3, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.1.21, =0.6.5 - com.clovellytech:h4sm-auth2.12 =0.0.42 - com.clovellytech:h4sm-features2.12 =0.0.42 - com.clovellytech:h4sm-files2.12 =0.0.42 - com.clovellytech:h4sm-invitations2.12 =0.0.42...