First published: Mon Jun 06 2022
Jodd HTTP v6.0.9 was discovered to contain multiple CRLF injection vulnerabilities via the components `jodd.http.HttpRequest#set` and `jodd.http.HttpRequest#send`. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Jodd HTTP | >=5.0 <=6.2.1 | |
| Jodd Jodd Http | >=5.0 <6.2.1 | |
CVE-2022-29631 refers to multiple CRLF injection vulnerabilities in Jodd HTTP v6.0.9.
CVE-2022-29631 has a severity rating of 7.5, which is considered high.
The vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) by using a crafted TCP payload.
Versions between 5.0 and 6.2.1 of Jodd HTTP are affected by CVE-2022-29631.
Yes, you can find more information about CVE-2022-29631 in the GitHub issues:
- [https://github.com/oblac/jodd-http/issues/9](https://github.com/oblac/jodd-http/issues/9)
- [https://github.com/oblac/jodd/issues/787](https://github.com/oblac/jodd/issues/787)
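
A caller-side guard against the CRLF injection described above, as an added example that is not code from Jodd or from this advisory. The class `RequestInputGuard` and its methods are hypothetical names; the assumption is that an application runs these checks on untrusted URLs and header values before they reach `jodd.http.HttpRequest#set` or `jodd.http.HttpRequest#send`.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

// Added example, not Jodd code: every name in this class is hypothetical.
public class RequestInputGuard {
    // RFC 7230 "token" characters permitted in a header field name.
    private static final Pattern TOKEN = Pattern.compile("[!#$%&'*+.^_`|~0-9A-Za-z-]+");
    // True if s holds CR, LF or any other ASCII control character.
    static boolean hasControlChars(String s, boolean allowTab) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            if (c == '\t' && allowTab) continue;
            if (c < 0x20 || c == 0x7f) return true;
        }
        return false;
    }

    static void requireSafeHeader(String name, String value) {
        if (name == null || !TOKEN.matcher(name).matches())
            throw new IllegalArgumentException("invalid header name");
        if (value == null || hasControlChars(value, true))
            throw new IllegalArgumentException("control character in header value");
    }

    static URI requireSafeTarget(String url) throws URISyntaxException {
        if (url == null || url.indexOf(' ') >= 0 || hasControlChars(url, false))
            throw new IllegalArgumentException("space or control character in URL");
        URI uri = new URI(url); // throws URISyntaxException on malformed input
        String scheme = uri.getScheme();
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme))
            throw new IllegalArgumentException("unsupported scheme");
        // Conservative: getPath()/getQuery() return decoded text, so %0d%0a is refused too.
        if (hasControlChars(uri.getPath() + "" + uri.getQuery(), false))
            throw new IllegalArgumentException("encoded control character in URL");
        return uri;
    }

    public static void main(String[] args) {
        String[] urls = { // constructed sample inputs
            "http://example.com/a?b=1",
            "http://example.com/a\r\nX-Injected: 1",
            "http://example.com/a%0d%0aX-Injected:1" };
        for (String u : urls) {
            try { requireSafeTarget(u); System.out.println("accepted"); }
            catch (IllegalArgumentException | URISyntaxException e) { System.out.println("rejected: " + e.getMessage()); }
        }
        try { requireSafeHeader("X-Trace", "abc\r\nHost: internal"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Rejecting the input outright, rather than stripping the CR and LF characters, keeps a malformed value from being silently rewritten into a different request.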