GHSA-p979-4mfw-53vg

Source

https://github.com/advisories/GHSA-p979-4mfw-53vg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-p979-4mfw-53vg/GHSA-p979-4mfw-53vg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-p979-4mfw-53vg

Aliases

CVE-2019-16869

Published

2019-10-11T18:41:23Z

Modified

2024-05-21T17:15:48.126109Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

HTTP Request Smuggling in Netty

Details

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Database specific

{
    "nvd_published_at": "2019-09-26T16:15:00Z",
    "cwe_ids": [
        "CWE-444"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2019-09-30T14:47:35Z"
}

References

Affected packages

Maven / io.netty:netty-all

Package

Name: io.netty:netty-all; View open source insights on deps.dev
Purl: pkg:maven/io.netty/netty-all

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0.Alpha1

Fixed

4.1.42.Final

Affected versions

4.*

4.0.0.Beta1

4.0.0.Beta2

4.0.0.Beta3

4.0.0.CR1

4.0.0.CR2

4.0.0.CR3

4.0.0.CR4

4.0.0.CR5

4.0.0.CR6

4.0.0.CR7

4.0.0.CR8

4.0.0.CR9

4.0.0.Final

4.0.1.Final

4.0.2.Final

4.0.3.Final

4.0.4.Final

4.0.5.Final

4.0.6.Final

4.0.7.Final

4.0.8.Final

4.0.9.Final

4.0.10.Final

4.0.11.Final

4.0.12.Final

4.0.13.Final

4.0.14.Beta1

4.0.14.Final

4.0.15.Final

4.0.16.Final

4.0.17.Final

4.0.18.Final

4.0.19.Final

4.0.20.Final

4.0.21.Final

4.0.22.Final

4.0.23.Final

4.0.24.Final

4.0.25.Final

4.0.26.Final

4.0.27.Final

4.0.28.Final

4.0.29.Final

4.0.30.Final

4.0.31.Final

4.0.32.Final

4.0.33.Final

4.0.34.Final

4.0.35.Final

4.0.36.Final

4.0.37.Final

4.0.38.Final

4.0.39.Final

4.0.40.Final

4.0.41.Final

4.0.42.Final

4.0.43.Final

4.0.44.Final

4.0.45.Final

4.0.46.Final

4.0.47.Final

4.0.48.Final

4.0.49.Final

4.0.50.Final

4.0.51.Final

4.0.52.Final

4.0.53.Final

4.0.54.Final

4.0.55.Final

4.0.56.Final

4.1.0.Beta1

4.1.0.Beta2

4.1.0.Beta3

4.1.0.Beta4

4.1.0.Beta5

4.1.0.Beta6

4.1.0.Beta7

4.1.0.Beta8

4.1.0.CR1

4.1.0.CR2

4.1.0.CR3

4.1.0.CR4

4.1.0.CR5

4.1.0.CR6

4.1.0.CR7

4.1.0.Final

4.1.1.Final

4.1.2.Final

4.1.3.Final

4.1.4.Final

4.1.5.Final

4.1.6.Final

4.1.7.Final

4.1.8.Final

4.1.9.Final

4.1.10.Final

4.1.11.Final

4.1.12.Final

4.1.13.Final

4.1.14.Final

4.1.15.Final

4.1.16.Final

4.1.17.Final

4.1.18.Final

4.1.19.Final

4.1.20.Final

4.1.21.Final

4.1.22.Final

4.1.23.Final

4.1.24.Final

4.1.25.Final

4.1.26.Final

4.1.27.Final

4.1.28.Final

4.1.29.Final

4.1.30.Final

4.1.31.Final

4.1.32.Final

4.1.33.Final

4.1.34.Final

4.1.35.Final

4.1.36.Final

4.1.37.Final

4.1.38.Final

4.1.39.Final

4.1.40.Final

4.1.41.Final

Maven / org.jboss.netty:netty

Package

Name: org.jboss.netty:netty; View open source insights on deps.dev
Purl: pkg:maven/org.jboss.netty/netty

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.0.0.CR1

3.0.0.CR2

3.0.0.CR3

3.0.0.CR4

3.0.0.CR5

3.0.0.GA

3.0.1.GA

3.0.2.GA

3.1.0.ALPHA1

3.1.0.ALPHA2

3.1.0.ALPHA3

3.1.0.ALPHA4

3.1.0.BETA1

3.1.0.BETA2

3.1.0.BETA3

3.1.0.CR1

3.1.0.GA

3.1.1.GA

3.1.2.GA

3.1.3.GA

3.1.4.GA

3.1.5.GA

3.2.0.ALPHA1

3.2.0.ALPHA2

3.2.0.ALPHA3

3.2.0.ALPHA4

3.2.0.BETA1

3.2.0.CR1

3.2.0.Final

3.2.1.Final

3.2.2.Final

3.2.3.Final

3.2.4.Final

3.2.5.Final

3.2.6.Final

3.2.7.Final

3.2.8.Final

3.2.9.Final

3.2.10.Final

Database specific

{
    "last_known_affected_version_range": "< 4.0.0"
}