org.http4s:http4s-core_2.12@1.0.0-M13 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.http4s:http4s-core_2.12 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • HTTP Response Splitting (severity: H)

Affected versions of this package are vulnerable to HTTP Response Splitting when untrusted user input is used to create any of the following fields:

  1. Header names (Header.name)

  2. Header values (Header.value)

  3. Status reason phrases (Status.reason)

  4. URI paths (Uri.Path)

  5. URI authority registered names (URI.RegName)
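
The following sketch is an added illustration, not code from http4s or from this advisory. It shows at wire level why untrusted input in a header name, header value or reason phrase can split a response, and a check that rejects such input before serialization. All function names and the sample input are hypothetical and constructed; URI paths and registered names are not covered.

```python
import re

# Illustration only: a minimal HTTP/1.1 response writer, not http4s code.
# Characters allowed in a header field name (the RFC 7230 "token" rule).
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Control characters (CR and LF included, tab excluded) that must not be written.
_CTL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

def render_naive(status, reason, headers):
    """Write every field verbatim: the pattern that allows response splitting."""
    lines = [f"HTTP/1.1 {status} {reason}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"

def render_checked(status, reason, headers):
    """Refuse any field that could terminate its own line early."""
    if _CTL.search(reason):
        raise ValueError("control character in reason phrase")
    for name, value in headers:
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"invalid header name: {name!r}")
        if _CTL.search(value):
            raise ValueError(f"control character in value of {name}")
    return render_naive(status, reason, headers)

def parse_header_names(raw):
    """Header names a client would read from the head of the response."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]

# Constructed sample: a value copied from a request parameter.
UNTRUSTED = "en\r\nX-Injected: 1"

if __name__ == "__main__":
    wire = render_naive(200, "OK", [("Content-Language", UNTRUSTED)])
    print(parse_header_names(wire))  # one header supplied, two on the wire
    try:
        render_checked(200, "OK", [("Content-Language", UNTRUSTED)])
    except ValueError as err:
        print("rejected:", err)
```

A check like this complements the upgrade listed below; it does not replace it.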

How to fix HTTP Response Splitting?

Upgrade org.http4s:http4s-core_2.12 to version 0.21.29, 0.22.5, 0.23.4, 1.0.0-M27 or higher.

Vulnerable versions: [,0.21.29), [0.22.0,0.22.5), [0.23.0,0.23.4), [1.0.0-M1,1.0.0-M27)