HTTP Response Splitting Affecting io.jooby:jooby-netty Open this link in a new tab package, versions [,1.6.9) [2.0.0, 2.2.1)

  • Attack Complexity


Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id


  • published

    2 Apr 2020

  • disclosed

    2 Apr 2020

  • credit

    Jonathan Leitschuh

How to fix?

Upgrade io.jooby:jooby-netty to version 1.6.9, 2.2.1 or higher.


io.jooby:jooby-netty is a netty implementation in jooby

Affected versions of this package are vulnerable to HTTP Response Splitting. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.