Vulnerabilities for 'Jooby'

2020-05-11
 
CVE-2020-7647

CWE-22
 

 
All versions before 1.6.7, and all versions from 2.0.0 (inclusive) up to but not including 2.8.2, of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.

 
2020-04-06
 
CVE-2020-7622

CWE-444
 

 
All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false, which means it does not validate that the header isn't being abused for HTTP Response Splitting.

 
2019-08-23
 
CVE-2019-15477

CWE-79
 

 
Jooby before 1.6.4 has XSS via the default error handler.

 


Copyright 2024, cxsecurity.com

 
