EUVD-2019-0378

Malware in sbrugna...

EUVD-2022-6117

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-21234

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. CVE-2018-21234 Note that Nessus relies on the presence of th...

Linux Distros Unpatched Vulnerability : CVE-2018-12022

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2018-21234

Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set...

SUSE CVE-2018-12022

An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled either globally or for a specific property, the service has the Jodd-db jar for database access for the Jodd framework in the classpath, and an attacker can provide an LDAP...

CRLF Injection

jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...

GHSA-PP3C-CF6J-M3FF Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

cn.jque:jque-common (>=2022.06-24 <=2022.08.17_23), cn.wekture:fastapi-base (=0.0.1) +112 more potentially affected by CVE-2022-29631 via org.jodd:jodd-http (>=5.0.0 <=6.0.6)

org.jodd:jodd-http MAVEN version =5.0.0, =2022.06-24, =1.0.3, =1.0.3, =1.0.3, =1.0.2, =1.0.1, =3.7.9.B, =3.7.9.B, =3.7.9.B, =3.7.9.B, =4.3.5.B and more Source cves: CVE-2022-29631 Source advisory: OSV:GHSA-PP3C-CF6J-M3FF...

Server-Side Request Forgery in Jodd HTTP

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

Server side request forgery (ssrf)

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...

CVE-2022-29631

Removed by vendor...

CVE-2022-29631

CVE-2022-29631 affects Jodd HTTP v6.0.9. The issue is described as multiple CLRF injection vulnerabilities in the jodd.http.HttpRequest#set and jodd.http.HttpRequest#send, enabling Server-Side Request Forgery via a crafted TCP payload. The impact is SSRF with network access, as stated in the desc...

PT-2022-19738 · Jodd Http · Jodd Http

Name of the Vulnerable Software and Affected Versions: Jodd HTTP version 6.0.9 Description: The issue allows attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload, leveraging multiple CLRF injection vulnerabilities. These vulnerabilities are present in the components...

Jodd 注入漏洞

Jodd is a Java-based utility toolset. A security vulnerability exists in Jodd HTTP version v6.0.9, which stems from multiple Carriage Return Line Feed CLRF injection vulnerabilities discovered via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. An attacker could exploit thi...