jooby-project/jooby

jooby-project/jooby

Releases218

Frequency2 weeks 5 days

Last Release 10 days ago

Stars1.77K

The modular web framework for Java and Kotlin

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-31129 ↗	Mar 31, 2025Monday, 31 March 2025, 19:15	8.8 HIGH	—
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
CVE-2020-7647 ↗	May 11, 2020Monday, 11 May 2020, 20:15	5.3 MEDIUM	5 MEDIUM
All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.
CVE-2020-7622 ↗	Apr 6, 2020Monday, 6 April 2020, 15:15	6.5 MEDIUM	7.5 HIGH
This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1. The DefaultHttpHeaders is set to false which means it does not validates that the header isn't being abused for HTTP Response Splitting.
CVE-2019-15477 ↗	Aug 23, 2019Friday, 23 August 2019, 13:15	—	4.3 MEDIUM
Jooby before 1.6.4 has XSS via the default error handler.