Edgar Espina

3 exploits Active since Aug 2019
CVE-2019-15477 NOMISEC MEDIUM STUB
Jooby < 1.6.4 - XSS
Jooby before 1.6.4 has XSS via the default error handler.
CVSS 6.1
CVE-2020-7622 WRITEUP MEDIUM WRITEUP
io.jooby:jooby-netty <1.6.9, <2.0.0-<2.2.1 - XSS
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
CVSS 6.5
CVE-2020-7647 WRITEUP MEDIUM WRITEUP
Jooby < 1.6.7 - Path Traversal
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
CVSS 5.3