github / advisory-database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Creative Commons Attribution 4.0 International

[GHSA-cqqj-4p63-rrmm] HTTP Request Smuggling in Netty #4498

Closed SunBK201 closed 1 day ago

SunBK201 commented 1 month ago

Updates

Comments

According to Patch, this vulnerability was introduced from 4.0.0.Beta1.

shelbyc commented 1 month ago

@SunBK201, as in https://github.com/github/advisory-database/pull/4496, I am unable to find which part of https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 says that io.netty:netty-codec-http became vulnerable to CVE-2019-20444 in 4.0.0.Beta1. Can you explain how you reached the conclusion that the vulnerability was introduced in 4.0.0.Beta1?