Closed schubon closed 5 years ago
Vulnerable versions: < 4.1.42 Patched version: 4.1.42
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Upgrade io.netty:netty-all to version 4.1.42 or later. For example:
<dependency> <groupId>io.netty</groupId> <artifactId>netty-all</artifactId> <version>[4.1.42,)</version> </dependency>
Always verify the validity and compatibility of suggestions with your codebase.
Details
CVE-2019-16869
Vulnerable versions: < 4.1.42 Patched version: 4.1.42
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Remediation
Upgrade io.netty:netty-all to version 4.1.42 or later. For example:
Always verify the validity and compatibility of suggestions with your codebase.