CVE-2022-29631

7.5 HIGH

📋 TL;DR

CVE-2022-29631 is a CRLF injection vulnerability in the Jodd HTTP library that allows attackers to perform Server-Side Request Forgery (SSRF) attacks. By injecting carriage return and line feed characters into values that end up in an HTTP request, an attacker can make the vulnerable server send requests to internal systems. This affects applications that use Jodd HTTP v6.0.9 as their HTTP client.

💻 Affected Systems

Products:
  • Jodd HTTP
Versions: v6.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that use the Jodd HTTP library for HTTP client operations with user-controlled input.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the internal network via SSRF to sensitive internal services, potentially leading to data exfiltration or lateral movement.

🟠 Likely Case

Information disclosure from internal services, reconnaissance of the internal network, or limited data access via SSRF.

🟢 If Mitigated

Limited impact where network segmentation and egress filtering prevent access to internal services.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user input to be passed to vulnerable HttpRequest methods. Public GitHub issues demonstrate the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.0.10 and later

Vendor Advisory: https://github.com/oblac/jodd-http/issues/9

Restart Required: Yes

Instructions:

1. Update the Jodd HTTP dependency to v6.0.10 or later.
2. Update pom.xml or build.gradle with the new version.
3. Rebuild and redeploy the application.
4. Restart affected services.

🔧 Temporary Workarounds

Input Validation

all

Validate and sanitize all user input before passing it to the HttpRequest.set() and HttpRequest.send() methods; reject any value containing carriage return or line feed characters.
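As an added example (not code from jodd-http or from this advisory), a small guard that refuses raw or percent-encoded CR/LF before a value reaches HttpRequest. The CrlfGuard class, the fetch() call site and its X-Tag header are assumptions; the HttpRequest.get(), header() and send() calls need the jodd-http dependency on the classpath.

```java
import java.util.regex.Pattern;

import jodd.http.HttpRequest;
import jodd.http.HttpResponse;

/**
 * Guard that rejects CR/LF-bearing input before it is handed to Jodd's
 * HttpRequest. Added example; CrlfGuard is not part of jodd-http.
 */
public final class CrlfGuard {

    // Raw CR/LF plus the percent-encoded forms %0D / %0A in either case
    // (the encoded form is what the network indicators above look for).
    // Rejecting the encoded form is deliberately conservative.
    private static final Pattern CRLF = Pattern.compile("[\\r\\n]|%0[dDaA]");

    private CrlfGuard() {}

    /** True if the value contains a raw or percent-encoded CR or LF. */
    public static boolean containsCrlf(String value) {
        return value != null && CRLF.matcher(value).find();
    }

    /** Returns the value unchanged, or throws if it could split the request. */
    public static String requireNoCrlf(String value, String what) {
        if (containsCrlf(value)) {
            throw new IllegalArgumentException(what + " must not contain CR/LF");
        }
        return value;
    }

    /**
     * Assumed call site: userUrl and userTag stand for request parameters an
     * attacker may control. Both are checked before HttpRequest sees them, so
     * a v6.0.9 client is never asked to emit a split request.
     */
    public static HttpResponse fetch(String userUrl, String userTag) {
        return HttpRequest.get(requireNoCrlf(userUrl, "url"))
                .header("X-Tag", requireNoCrlf(userTag, "X-Tag header"))
                .send();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a clean URL, a raw CRLF, an encoded CRLF.
        System.out.println(containsCrlf("https://example.com/a?b=1"));
        System.out.println(containsCrlf("value\r\ninjected: 1"));
        System.out.println(containsCrlf("https://example.com/%0d%0aX-Injected:%201"));
    }
}
```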

Network Segmentation

all

Implement strict egress filtering so that SSRF requests from the application cannot reach internal services.

🧯 If You Can't Patch

  • Implement WAF rules to detect and block CRLF injection patterns in HTTP requests
  • Deploy network monitoring to detect unusual outbound requests from affected systems

🔍 How to Verify

Check if Vulnerable:

Check if application uses Jodd HTTP v6.0.9 via dependency management files (pom.xml, build.gradle) or by examining deployed libraries.

Check Version:

Check build configuration files, or list the resolved dependency: mvn dependency:tree | grep jodd-http (Maven) or gradle dependencies | grep jodd-http (Gradle). On a deployed system the version is part of the jar file name (jodd-http-<version>.jar); note that java -version reports only the JVM version, not the library's.

Verify Fix Applied:

Confirm Jodd HTTP version is v6.0.10 or later and test that CRLF injection attempts are properly rejected.

📡 Detection & Monitoring

Log Indicators:

  • Unusual outbound HTTP requests from application
  • Failed CRLF injection attempts in application logs
  • Unexpected HTTP response headers

Network Indicators:

  • HTTP requests with encoded CRLF characters (%0D%0A)
  • Requests to internal IP addresses from application servers
  • Unusual destination ports in outbound traffic

SIEM Query:

source="application_logs" AND (message CONTAINS "%0D%0A" OR message CONTAINS "CRLF")
