All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
References
Link | Resource |
---|---|
https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm | Exploit Patch Third Party Advisory |
https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342 | Exploit Third Party Advisory |
https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1 | Patch |
Configurations
Configuration 1 (hide)
|
Information
Published : 2020-03-30 15:15
Updated : 2020-04-02 07:37
NVD link : CVE-2020-7611
Mitre link : CVE-2020-7611
JSON object : View
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Products Affected
objectcomputing
- micronaut