Jooby: Security Vulnerabilities
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
CVSS Score
5.3
EPSS Score
0.003
Published
2020-05-11
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
CVSS Score
6.5
EPSS Score
0.005
Published
2020-04-06
Jooby before 1.6.4 has XSS via the default error handler.
CVSS Score
6.1
EPSS Score
0.003
Published
2019-08-23