Snyk reports the following High severity vulnerability in HumanCellAtlas/data-consumer-vignettes. Please remediate by the end of Q2 Milestone 2.
Description
io.netty:netty-all
Suggested Remediation
Upgrade io.netty:netty-all to version 4.1.44.Final or higher.
Details
io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high-performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.