Homepage

org.http4s:http4s-server_2.13@0.10.0-M10 vulnerabilities

  • latest version

    0.23.30

  • latest non vulnerable version

    1.0-234-d1a2b53

  • first published

    5 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.http4s:http4s-server_2.13 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Origin Validation Error

    Affected versions of this package are vulnerable to Origin Validation Error. In http4s, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The original CORS implementation and CORSConfig are deprecated.

    How to fix Origin Validation Error?

    Upgrade org.http4s:http4s-server_2.13 to version 0.21.27, 0.22.3, 0.23.2, 1.0.0-M25 or higher.

    [,0.21.27)[0.22.0,0.22.3)[0.23.0,0.23.2)[1.0.0-M2,1.0.0-M25)
    • H
    Local File Inclusion

    Affected versions of this package are vulnerable to Local File Inclusion. This vulnerability applies to all users of org.http4s.server.staticcontent.FileService, org.http4s.server.staticcontent.ResourceService and org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contain ../ or // can expose resources outside of the configured location.

    How to fix Local File Inclusion?

    Upgrade org.http4s:http4s-server_2.13 to version 0.21.2, 0.20.20, 0.18.26 or higher.

    [0.21.0,0.21.2)[0.19.0,0.20.20)[,0.18.26)
    Go back to all versions of this package