[MAVEN:GHSA-P2V9-G2QV-P635] HTTP Request Smuggling in Netty
Severity
Moderate
Affected Packages
3
Fixed Packages
1
CVEs
1
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Package | Affected Version |
---|---|
pkg:maven/org.jboss.netty/netty | < 4.0.0 |
pkg:maven/io.netty/netty-handler | >= 4.0.0, < 4.1.45 |
pkg:maven/io.netty/netty | < 4.0.0 |
Package | Fixed Version |
---|---|
pkg:maven/io.netty/netty-handler | = 4.1.45 |
- ID
- MAVEN:GHSA-P2V9-G2QV-P635
- Severity
- moderate
- URL
- https://github.com/advisories/GHSA-p2v9-g2qv-p635
- Published
-
2020-02-21T18:55:04
(4 years ago) - Modified
-
2023-08-16T05:02:11
(13 months ago) - Rights
- Maven Security Team
- Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.jboss.netty/netty | org.jboss.netty | netty | < 4.0.0 | |||
Affected | pkg:maven/io.netty/netty-handler | io.netty | netty-handler | >= 4.0.0 < 4.1.45 | |||
Fixed | pkg:maven/io.netty/netty-handler | io.netty | netty-handler | = 4.1.45 | |||
Affected | pkg:maven/io.netty/netty | io.netty | netty | < 4.0.0 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |