CVE-2022-29631

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Jodd HTTP version 6.0.9

Description The issue allows attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload, leveraging multiple CLRF injection vulnerabilities. These vulnerabilities are present in the components jodd.http.HttpRequest#set and jodd.http.HttpRequest#send.

Recommendations For Jodd HTTP version 6.0.9, consider disabling the jodd.http.HttpRequest#set and jodd.http.HttpRequest#send functions until a patch is available to prevent exploitation.

Exploit

Fix

Special Elements Injection

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-918

Related Identifiers

CVE-2022-29631

GHSA-PP3C-CF6J-M3FF

Affected Products

Jodd Http

CVE-2022-29631

Weakness Enumeration

Related Identifiers

Affected Products

References · 11