Vulnerability Details CVE-2020-7611
All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
- https://github.com/micronaut-projects/micronaut-core/commit/9d1eff5c8df1d6cda1fe00ef046729b2a6abe7f1
- https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-694p-xrhg-x3wm
- https://snyk.io/vuln/SNYK-JAVA-IOMICRONAUT-561342
Products affected by CVE-2020-7611
-
cpe:2.3:a:objectcomputing:micronaut:-
-
cpe:2.3:a:objectcomputing:micronaut:1.0.0
-
cpe:2.3:a:objectcomputing:micronaut:1.0.1
-
cpe:2.3:a:objectcomputing:micronaut:1.0.2
-
cpe:2.3:a:objectcomputing:micronaut:1.0.3
-
cpe:2.3:a:objectcomputing:micronaut:1.0.4
-
cpe:2.3:a:objectcomputing:micronaut:1.0.5
-
cpe:2.3:a:objectcomputing:micronaut:1.1.0
-
cpe:2.3:a:objectcomputing:micronaut:1.1.1
-
cpe:2.3:a:objectcomputing:micronaut:1.1.2
-
cpe:2.3:a:objectcomputing:micronaut:1.1.3
-
cpe:2.3:a:objectcomputing:micronaut:1.1.4
-
cpe:2.3:a:objectcomputing:micronaut:1.2.0
-
cpe:2.3:a:objectcomputing:micronaut:1.2.1
-
cpe:2.3:a:objectcomputing:micronaut:1.2.10
-
cpe:2.3:a:objectcomputing:micronaut:1.2.2
-
cpe:2.3:a:objectcomputing:micronaut:1.2.3
-
cpe:2.3:a:objectcomputing:micronaut:1.2.4
-
cpe:2.3:a:objectcomputing:micronaut:1.2.5
-
cpe:2.3:a:objectcomputing:micronaut:1.2.6
-
cpe:2.3:a:objectcomputing:micronaut:1.2.7
-
cpe:2.3:a:objectcomputing:micronaut:1.2.8
-
cpe:2.3:a:objectcomputing:micronaut:1.2.9
-
cpe:2.3:a:objectcomputing:micronaut:1.3.0
-
cpe:2.3:a:objectcomputing:micronaut:1.3.1