Advisories for Maven/Org.jooby/Jooby package

2020

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

All versions before 1.6.7 of org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.

Inconsistent Interpretation of HTTP Requests (HTTP Request Smuggling)

Jooby is vulnerable to HTTP Response Splitting if DefaultHttpHeaders is set to false.

2019

Cross-site Scripting

Jooby before has XSS via the default error handler.