CVE-2021-41084

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') in maven/org.http4s/http4s-core_2.12

Identifier

CVE-2021-41084

Package Slug

maven/org.http4s/http4s-core_2.12

Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Description

http4s is an open source scala interface for HTTP. Header values (Header.value), Status reason phrases (Status.reason), URI paths (Uri.Path), URI authority registered names (URI.RegName).

Affected Versions

All versions before 0.21.29, all versions starting from 0.22.0 before 0.22.5, all versions starting from 0.23.0 before 0.23.4, version 1.0.0

Solution

Upgrade to versions 0.21.29, 0.22.5, 0.23.4, 1.0-2-1e49ccf or above.

Last Modified

2021-10-10

source