Skip to main content

Jooby

3 CVEs product

Monthly

CVE-2020-7647 Maven MEDIUM PATCH This Month

All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jooby
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2020-7622 Maven CRITICAL POC PATCH Act Now

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jooby
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
CVE-2019-15477 Maven MEDIUM POC PATCH This Month

Jooby before 1.6.4 has XSS via the default error handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jooby
NVD GitHub
CVSS 3.0
6.1
EPSS
1.0%
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Jooby
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC PATCH Act Now

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Information Disclosure Jooby
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Jooby before 1.6.4 has XSS via the default error handler. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jooby
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy