Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-JAVA-IOJOOBY-564249
- published 2 Apr 2020
- disclosed 2 Apr 2020
- credit Jonathan Leitschuh
How to fix?
io.jooby:jooby-netty to version 1.6.9, 2.2.1 or higher.
io.jooby:jooby-netty is a netty implementation in jooby
Affected versions of this package are vulnerable to HTTP Response Splitting. The
DefaultHttpHeaders is set to
false which means it does not validates that the header isn't being abused for HTTP Response Splitting.