8 matches found
CVE-2020-7611
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client...
EUVD-2020-0334
Malware in sbrugna...
CVE-2020-7611
CVE-2020-7611 affects io.micronaut:micronaut-http-client. Vulnerable versions: all before 1.2.11 and 1.3.0–1.3.1/2 (i.e., 1.3.1) are susceptible to HTTP Request Header Injection caused by not validating headers passed to the client. The issue can enable manipulation of request headers and, per ad...
io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)
io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...
com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)
io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: OSV:GHSA-694P-XRHG-X3WM...
io.micronaut.configuration:micronaut-netflix-ribbon (=1.1.0), io.micronaut.configuration:micronaut-security-oauth2 (>=1.3.0 <=1.3.1) +3 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.3.0 <=1.3.1)
io.micronaut:micronaut-http-client MAVEN version =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.0, =1.3.1 Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...
com.agorapulse:micronaut-snitch (>=0.1.2 <=1.1.3), io.github.oleksivio.tl.kbot:micronaut (=1.6.0) +14 more potentially affected by CVE-2020-7611 via io.micronaut:micronaut-http-client (>=1.0.0 <=1.2.10)
io.micronaut:micronaut-http-client MAVEN version =1.0.0, =0.1.2, =1.4.0, =1.1.0, =1.0.0, =1.0.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.2.19, =1.2.19, =1.0.3, =1.3.1 and more Source cves: CVE-2020-7611 Source advisory: SNYK:JAVA-IOMICRONAUT-561342...
HTTP Request Header Injection
Overview io.micronaut:micronaut-http-client is a modern, JVM-based, full stack microservices framework designed for building modular, easily testable microservice applications. Affected versions of this package are vulnerable to HTTP Request Header Injection due to not validating request headers...