4.2.6.Final
13 years ago
1 months ago
Known vulnerabilities in the io.netty:netty-codec-http package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) via the How to fix Improper Handling of Highly Compressed Data (Data Amplification)? Upgrade | [,4.1.125.Final) |
io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling via the parsing of chunk extensions in HTTP/1.1 messages with chunked encoding. An attacker can bypass HTTP request boundaries by sending specially crafted HTTP requests that exploit differences in how standalone newline characters are parsed between reverse proxies and the backend, potentially allowing them to smuggle additional requests. How to fix HTTP Request Smuggling? Upgrade | [,4.1.125.Final)[4.2.0.Alpha1,4.2.5.Final) |