io.netty:netty-codec-http@4.1.63.Final vulnerabilities
-
latest version
4.1.109.Final
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
20 days ago
-
licenses detected
- [4.0.0.Alpha1,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the io.netty:netty-codec-http package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the accumulation of data in the An attacker can cause a denial of service by sending a chunked post consisting of many small fields that will be accumulated in the How to fix Allocation of Resources Without Limits or Throttling? Upgrade |
[,4.1.108.Final)
|
io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. Netty currently just skips control characters when these are present at the beginning or end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. How to fix HTTP Request Smuggling? Upgrade |
[,4.1.71.Final)
|