Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-z62d-zuet-tue7
Vulnerability ID VCID-z62d-zuet-tue7
Aliases CVE-2020-7622
GHSA-gv3v-92v6-m48j
Summary Improper Neutralization of CRLF Sequences in HTTP Headers in Jooby ('HTTP Response Splitting)
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00451 https://api.first.org/data/v1/epss?cve=CVE-2020-7622
epss 0.00451 https://api.first.org/data/v1/epss?cve=CVE-2020-7622
cvssv3.1_qr CRITICAL https://github.com/advisories/GHSA-gv3v-92v6-m48j
cvssv3.1 9.8 https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
generic_textual CRITICAL https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
cvssv3.1 9.8 https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
cvssv3.1_qr CRITICAL https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
generic_textual CRITICAL https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-7622
generic_textual CRITICAL https://nvd.nist.gov/vuln/detail/CVE-2020-7622
cvssv3.1 9.8 https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
generic_textual CRITICAL https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2020-7622
https://github.com/jooby-project/jooby/commit/654c56ea013b795f60e95036c5e86992373d0ff2
https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
CVE-2020-7622 https://nvd.nist.gov/vuln/detail/CVE-2020-7622
GHSA-gv3v-92v6-m48j https://github.com/advisories/GHSA-gv3v-92v6-m48j
GHSA-gv3v-92v6-m48j https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/jooby-project/jooby/commit/b66e3342cf95205324023cfdf2cb5811e8a6dcf4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/jooby-project/jooby/security/advisories/GHSA-gv3v-92v6-m48j
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-7622
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://snyk.io/vuln/SNYK-JAVA-IOJOOBY-564249
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.64135
EPSS Score 0.00451
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:26:00.232726+00:00 GHSA Importer Import https://github.com/advisories/GHSA-gv3v-92v6-m48j 38.6.0