Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7622 | 1 Jooby | 1 Jooby | 2021-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting. | |||||
| CVE-2020-7647 | 1 Jooby | 1 Jooby | 2020-05-14 | 5.0 MEDIUM | 5.3 MEDIUM |
| All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. | |||||
| CVE-2019-15477 | 1 Jooby | 1 Jooby | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jooby before 1.6.4 has XSS via the default error handler. | |||||