CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-29631
https://notcve.org/view.php?id=CVE-2022-29631
Jodd HTTP v6.0.9 was discovered to contain multiple CLRF injection vulnerabilities via the components jodd.http.HttpRequest#set and `jodd.http.HttpRequest#send. These vulnerabilities allow attackers to execute Server-Side Request Forgery (SSRF) via a crafted TCP payload. Se ha detectado que Jodd HTTP versión 6.0.9, contiene múltiples vulnerabilidades de inyección CLRF por medio de los componentes jodd.http.HttpRequest#set y "jodd.http.HttpRequest#send. Estas vulnerabilidades permiten a atacantes ejecutar vulnerabilidades de tipo Server-Side Request Forgery (SSRF) por medio de una carga útil TCP diseñada • https://github.com/oblac/jodd-http/issues/9 https://github.com/oblac/jodd/issues/787 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-21234
https://notcve.org/view.php?id=CVE-2018-21234
Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. Jodd versiones anteriores a la versión 5.0.4, realiza una Deserialización de Datos JSON No Confiables, cuando se establece la función setClassMetadataName. • https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16 https://github.com/oblac/jodd/compare/v5.0.3...v5.0.4 https://github.com/oblac/jodd/issues/628 https://lists.apache.org/thread.html/r0bacc701ab7105500a0ab2769270d18f332cb379e6a62ec7553f3327%40%3Cissues.hive.apache.org%3E https://lists.apache.org/thread.html/r157d01c96a2c10e7ceb3e005f42c52cfe87b11dd018935e1c4277433%40%3Cgitbox.hive.apache.org%3E https://lists.apache.org/thread.html/r317aec95c436848233047af7ecb3ce04ce446eb6031f981aef50df0d%40%3Cdev.drill.apache.org%3E https • CWE-502: Deserialization of Untrusted Data •