Описание
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| netty | fixed | 1:4.1.45-1 | package | |
| netty-3.9 | removed | package | ||
| netty-3.9 | not-affected | stretch | package |
Примечания
https://bugzilla.redhat.com/show_bug.cgi?id=1796225
https://github.com/jdordonezn/CVE-2020-72381/issues/1
Issue exists because of incomplete fix for CVE-2019-16869.
https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
EPSS
Связанные уязвимости
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
EPSS