39 matches found
com.github.philippefichet:asciidoc4netbeans (>=1.0.0 <=1.0.1), com.macdservices:jmacd-server (>=1.1.1.1 <=1.1.1.7) +52 more potentially affected by CVE-2020-7647 via io.jooby:jooby (>=2.0.0.M1 <=2.8.10)
io.jooby:jooby MAVEN version =2.0.0.M1, =1.0.0, =1.1.1.1, =1.1.1.1, =2.7.0, =2.7.0, =2.7.0, =2.1.0, =2.6.0, =2.0.6, =2.8.10, =2.8.10, =2.10.0, =2.6.1, =2.0.1, =2.17.0 and more Source cves: CVE-2020-7647 Source advisory: SNYK:JAVA-IOJOOBY-568806...
Directory Traversal
Overview org.jooby:jooby is a modern, performant and easy-to-use web framework for Java and Kotlin built on top of your favorite web server. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System...
Directory Traversal
Overview io.jooby:jooby is a modular web framework for Java and Kotlin. Affected versions of this package are vulnerable to Directory Traversal. There are two ways this vulnerability can be leveraged: When sharing a File System directory as in: assets("/static/", Paths.get("static")) The class path...
org.jooby:coverage-report (>=1.0.0.CR1 <=1.1.2), org.jooby:jooby-akka (>=1.0.0 <=1.6.6) +98 more potentially affected by CVE-2020-7647 via org.jooby:jooby (>=1.0.0 <=1.6.6)
org.jooby:jooby MAVEN version =1.0.0, =1.0.0.CR1, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.6.6 and more Source cves: CVE-2020-7647 Source advisory: SNYK:JAVA-ORGJOOBY-568807...
Jooby Environmental Issues Vulnerability
Jooby is a modular micro-Web framework for Java and Kotlin. An environmental issue vulnerability exists in Jooby versions prior to 2.2.1 that stems from a user input validation error in the response header. A remote attacker can exploit this vulnerability to inject arbitrary HTTP headers...
CVE-2020-7622
CVE-2020-7622 affects io.jooby:jooby-netty before 1.6.9 and before 2.2.1, where DefaultHttpHeaders is set to false and header validation is disabled, enabling HTTP Response Splitting as described in public advisories. Exploitation status is not provided in the docs. Impact is a potential for abus...
Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')
Impact: Cross Site Scripting, Cache Poisoning, Page Hijacking. Patches: This was fixed in version 2.2.1. Workarounds: If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References: CWE-113: Improper...
GHSA-GV3V-92V6-M48J Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting')
Impact: Cross Site Scripting, Cache Poisoning, Page Hijacking. Patches: This was fixed in version 2.2.1. Workarounds: If you are unable to update, ensure that user supplied data isn't able to flow to HTTP headers. If it does, pre-sanitize for CRLF characters. References: CWE-113: Improper...
HTTP Response Splitting
Overview io.jooby:jooby-netty is a Netty implementation for Jooby. Affected versions of this package are vulnerable to HTTP Response Splitting. DefaultHttpHeaders is set to false, which means it does not validate that the header isn't being abused for HTTP Response Splitting. Remediation Upgrad...
GHSA-F5F4-M7QP-W6GC Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
Cross-site Scripting in Jooby
Jooby before 1.6.4 has XSS via the default error handler...
org.jooby:coverage-report (>=0.5.0 <=1.1.2), org.jooby:jooby-akka (>=0.10.0 <=1.6.3) +101 more potentially affected by CVE-2019-15477 via org.jooby:jooby (>=0.10.0 <=1.6.3)
org.jooby:jooby MAVEN version =0.10.0, =0.5.0, =0.10.0, =1.2.0, =0.11.0, =1.0.0, =0.12.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.0.0, =0.11.0, =0.11.0, =0.11.0, =0.11.0, =1.6.3 and more Source cves: CVE-2019-15477 Source advisory: OSV:GHSA-F5F4-M7QP-W6GC...
Jooby Cross-Site Scripting Vulnerability
Jooby is a modular micro-Web framework for Java and Kotlin. A cross-site scripting vulnerability exists in Jooby versions prior to 1.6.4, which can be exploited by an attacker to execute client-side code...
Cross-site Scripting (XSS)
Jooby is vulnerable to cross-site scripting (XSS). The attack can be triggered when an attacker injects a malicious script through the default error handler...
CVE-2019-15477
Jooby before 1.6.4 has XSS via the default error handler...
Default credentials
Jooby before 1.6.4 has XSS via the default error handler...
CVE-2019-15477
This CVE refers to Jooby, a modular Java/Kotlin web framework. The affected component is the framework’s default error handler, where a Cross-Site Scripting (XSS) vulnerability exists in Jooby versions prior to 1.6.4. The underlying issue is that user-controlled data could be reflected via error ...