Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set.
CVSS: 9.8
AI Score: 9.4
EPSS: 0.005
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.
CVSS: 7.5
AI Score: 7.8
EPSS: 0.001