CVE-2025-31129

Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...

CVE-2025-31129 jooby-pac4j: deserialization of untrusted data

Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImplget module deserializes untrusted data. This vulnerability is fixed in 2.17.0 2.x and 3.7.0 3.x...

jooby 代码问题漏洞

jooby is a modular web framework for Java and Kotlin from jooby open source. A code issue vulnerability exists in jooby version 2.17.0 and versions prior to 3.7.0, which stems from deserializing untrusted data...

Directory Traversal

Overview org.jooby:jooby is a modern, performant and easy to use web framework for Java and Kotlin built on top of your favorite web server. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System...

Directory Traversal

Overview io.jooby:jooby is a modular web framework for Java and Kotlin. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System directory as in: assets"/static/", Paths.get"static" The class path...

Jooby Environmental Issues Vulnerability

Jooby is a modular micro-Web framework for Java and Kotlin . An environmental issue vulnerability exists in Jooby versions prior to 2.2.1 that stems from a user input validation error in the response header. A remote attacker can exploit this vulnerability to inject arbitrary HTTP headers...