HTTP Header Injection Affecting wonder.utilities:utilities package, versions [0,]


0.0
high
  • Exploit Maturity

    Proof of concept

  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-WONDERUTILITIES-3023728

  • published

    15 Sep 2022

  • disclosed

    15 Sep 2022

  • credit

    Zachary Puhl

How to fix?

A fix was pushed into the master branch but not yet published.

Overview

Affected versions of this package are vulnerable to HTTP Header Injection which allows bypassing any adaptor pre-filtering of content headers and overwriting web-server environment variables such as REMOTE_ADDR and DOCUMENT_ROOT from Apache.

References