All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.micronaut:micronaut-http-client(Maven) | 0 | 1.2.11 | N/A |
| io.micronaut:micronaut-http-client(Maven) | 1.3.0 | 1.3.2 | N/A |
CVSS Metrics
