CVE-2019-16771
MEDIUM4.8EPSS 0.42%Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') in Armeria
描述
Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable to HTTP response splitting, which allows remote attackers to inject arbitrary HTTP headers via CRLF sequences when unsanitized data is used to populate the headers of an HTTP response. ### Impact 1. Cross-User Defacement 2. Cache Poisoning 3. Cross-Site Scripting (XSS) 4. Page Hijacking ### Root Cause The root cause is due to the usage of Netty without the HTTP header validation. https://github.com/line/armeria/blob/f0d870fde1088114070be31b67f7df0a21e835c6/core/src/main/java/com/linecorp/armeria/common/DefaultHttpHeaders.java#L23 ### Patches This vulnerability has been patched in 0.97.0. ### References [CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')](https://cwe.mitre.org/data/definitions/113.html) https://github.com/ratpack/ratpack/security/advisories/GHSA-mvqp-q37c-wf9j ### For more information If you have any questions or comments about this advisory: * Open an issue in [GitHub](https://github.com/line/armeria/issues)
受影響套件(2)
- Maven/com.linecorp.armeria:armeria>= 0.50.0, < 0.97.0
- Maven/com.linecorp.armeria:armeria>= 0.85.0, < 0.97.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N |
參考連結(5)
- ADVISORYhttps://github.com/advisories/GHSA-24r8-fm9r-cpj2
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-16771
- WEBhttps://github.com/line/armeria/commit/b597f7a865a527a84ee3d6937075cfbb4470ed20
- WEBhttps://github.com/line/armeria/security/advisories/GHSA-24r8-fm9r-cpj2
- WEBhttps://github.com/line/armeria/security/advisories/GHSA-35fr-h7jr-hh86