Homepage

org.http4s:http4s-server_2.13@1.0.0-M3 vulnerabilities

  • latest version

    0.23.30

  • latest non vulnerable version

    1.0-234-d1a2b53

  • first published

    5 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.http4s:http4s-server_2.13 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Origin Validation Error

    Affected versions of this package are vulnerable to Origin Validation Error. In http4s, the default CORS configuration is vulnerable to an origin reflection attack. The middleware is also susceptible to a Null Origin Attack. The original CORS implementation and CORSConfig are deprecated.

    How to fix Origin Validation Error?

    Upgrade org.http4s:http4s-server_2.13 to version 0.21.27, 0.22.3, 0.23.2, 1.0.0-M25 or higher.

    [,0.21.27)[0.22.0,0.22.3)[0.23.0,0.23.2)[1.0.0-M2,1.0.0-M25)
    Go back to all versions of this package