8 matches found
CVE-2020-7611
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...
EUVD-2020-0334
Malware in sbrugna...
CVE-2020-7611
CVE-2020-7611 affects io.micronaut:micronaut-http-client. Vulnerable versions: all before 1.2.11 and 1.3.0–1.3.1/2 (i.e., 1.3.1) are susceptible to HTTP Request Header Injection caused by not validating headers passed to the client. The issue can enable manipulation of request headers and, per ad...
io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)
io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...
com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)
io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...
io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)
io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...
HTTP Request Header Injection
Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to HTTP Request Header Injection due to not validating request headers...
com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)
io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...