io.netty:netty@3.4.0.Alpha1 vulnerabilities

latest version

3.10.6.Final
first published

12 years ago
latest version published

8 years ago
licenses detected
- Apache-2.0
  [3.3.0.Final,)
package manager

View on Maven Repository

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.netty:netty package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M HTTP Request Smuggling io.netty:netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. Affected versions of this package are vulnerable to HTTP Request Smuggling. Netty mishandles whitespace before the colon in HTTP headers such as a `Transfer-Encoding : chunked` line. This can lead to HTTP request smuggling where an attacker can bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users. How to fix HTTP Request Smuggling? There is no fixed version for `io.netty:netty`.	[0,)
H Information Exposure io.netty:netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients. Affected versions of this package are vulnerable to Information Exposure. It does not validate cookie name and value characters, allowing attackers to potentially bypass the `httpOnly` flag on sensitive cookies. How to fix Information Exposure? Upgrade `io.netty:netty` to version 3.9.8.Final, 3.10.3.Final or higher.	[3.3.0.Final,3.9.8.Final) [3.10.0.Final,3.10.3.Final)

HTTP Request Smuggling

io.netty:netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling. Netty mishandles whitespace before the colon in HTTP headers such as a Transfer-Encoding : chunked line. This can lead to HTTP request smuggling where an attacker can bypass security controls, gain unauthorized access to sensitive data, and directly compromise other application users.

How to fix HTTP Request Smuggling?

There is no fixed version for io.netty:netty.

[0,)

Information Exposure

io.netty:netty is a NIO client server framework which enables quick and easy development of network applications such as protocol servers and clients.

Affected versions of this package are vulnerable to Information Exposure. It does not validate cookie name and value characters, allowing attackers to potentially bypass the httpOnly flag on sensitive cookies.

How to fix Information Exposure?

Upgrade io.netty:netty to version 3.9.8.Final, 3.10.3.Final or higher.

[3.3.0.Final,3.9.8.Final) [3.10.0.Final,3.10.3.Final)

Go back to all versions of this package

io.netty:netty@3.4.0.Alpha1 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities