Vulnerability	Vulnerable Version
M HTTP Request Smuggling io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling in `HttpObjectDecoder.java`, which skips whitespace as well as bytes `0x00-0x1F` and `0x7F`. An attacker can cause request-boundary confusion in pipelined or multiplexed transports by sending malicious HTTP requests containing arbitrary control characters, which may be interpreted differently by front-end components. How to fix HTTP Request Smuggling? Upgrade `io.netty:netty-codec-http` to version 4.1.135.Final, 4.2.15.Final or higher.	[,4.1.135.Final)[4.2.0.Alpha1,4.2.15.Final)

HTTP Request Smuggling

io.netty:netty-codec-http is a network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling in HttpObjectDecoder.java, which skips whitespace as well as bytes 0x00-0x1F and 0x7F. An attacker can cause request-boundary confusion in pipelined or multiplexed transports by sending malicious HTTP requests containing arbitrary control characters, which may be interpreted differently by front-end components.

How to fix HTTP Request Smuggling?

Upgrade io.netty:netty-codec-http to version 4.1.135.Final, 4.2.15.Final or higher.

[,4.1.135.Final)[4.2.0.Alpha1,4.2.15.Final)

Go back to all versions of this package