13 matches found
EUVD-2022-6117
Malicious code in bioql PyPI...
CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CRLF Injection
jodd-http is vulnerable to CRLF injection attacks. The vulnerability exists because the path function of HttpRequest.java does not properly encode the URLEncoder, allowing an attacker to inject and execute a malicious TCP payload by using \r\n in the query string...
GHSA-PP3C-CF6J-M3FF Server-Side Request Forgery in Jodd HTTP
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
cn.jque:jque-common (>=2022.06-24 <=2022.08.17_23), cn.wekture:fastapi-base (=0.0.1) +112 more potentially affected by CVE-2022-29631 via org.jodd:jodd-http (>=5.0.0 <=6.0.6)
org.jodd:jodd-http MAVEN version =5.0.0, =2022.06-24, =1.0.3, =1.0.3, =1.0.3, =1.0.2, =1.0.1, =3.7.9.B, =3.7.9.B, =3.7.9.B, =3.7.9.B, =4.3.5.B and more Source cves: CVE-2022-29631 Source advisory: OSV:GHSA-PP3C-CF6J-M3FF...
Server-Side Request Forgery in Jodd HTTP
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
Server side request forgery (ssrf)
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequestset and jodd.http.HttpRequestsend. These vulnerabilities allow attackers to execute Server-Side Request Forgery SSRF via a crafted TCP payload...
CVE-2022-29631
Removed by vendor...
CVE-2022-29631
CVE-2022-29631 affects Jodd HTTP v6.0.9. The issue is described as multiple CLRF injection vulnerabilities in the jodd.http.HttpRequest#set and jodd.http.HttpRequest#send, enabling Server-Side Request Forgery via a crafted TCP payload. The impact is SSRF with network access, as stated in the desc...