Local File Inclusion Affecting org.http4s:http4s-server package, versions [0.21.0,0.21.2) [0.19.0,0.20.20) [,0.18.26)
26 Mar 2020
25 Mar 2020
How to fix?
Upgrade org.http4s:http4s-server to version 0.21.2, 0.20.20, 0.18.26 or higher.
org.http4s:http4s-server is a base library for building http4s servers.
Affected versions of this package are vulnerable to Local File Inclusion. This vulnerability applies to all users of org.http4s.server.staticcontent.WebjarService. URI normalization is applied incorrectly. Requests whose path info contains // can expose resources outside of the configured location.
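
The following is an added illustration, not http4s code and not part of the original advisory: it shows in Python how a doubled slash can defeat a naive "strip the leading slash and join" resolver, next to a check that refuses such requests. The function names `naive_resolve` and `safe_resolve` and all paths are constructed for the example, and the exact code path inside http4s may differ.

```python
from pathlib import PurePosixPath

def naive_resolve(root, path_info):
    """Vulnerable pattern: drop one leading slash, then join onto the root."""
    # For "//x" the remainder "/x" is absolute, and joining an absolute
    # path discards the root entirely.
    return PurePosixPath(root) / path_info[1:]

def safe_resolve(root, path_info):
    """Return the path under root, or None if the request must be refused.

    Assumes path_info has already been percent-decoded exactly once.
    """
    if not path_info.startswith("/") or "\\" in path_info or "\x00" in path_info:
        return None
    segments = path_info[1:].split("/")
    # An empty segment means "//" (or a trailing slash); "." and ".." are
    # relative references. None of these name a static asset.
    if any(seg in ("", ".", "..") for seg in segments):
        return None
    base = PurePosixPath(root)
    candidate = base.joinpath(*segments)
    # Defence in depth: the result must still sit below the root.
    if base not in candidate.parents:
        return None
    return candidate

if __name__ == "__main__":
    ROOT = "/srv/static"  # constructed root directory
    for req in ("/lib/1.0/app.js", "//outside/secret.txt",
                "/lib//app.js", "/lib/../../x"):
        print(f"{req!r:26} naive={naive_resolve(ROOT, req)}  "
              f"safe={safe_resolve(ROOT, req)}")
```

Upgrading to a fixed version remains the remedy; a check of this kind is useful as a regression test for any static-content handler.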