Vulnerability in Netty before version 4.1.61.Final enables request smuggling due to improper validation of content-length header in Http2HeaderFrame. Risk of request smuggling if translated to HTTP/1.1. Followup of CVE-2021-21295. Fixed in 4.1.61.Final.
Reporter | Title | Published | Views | Family All 148 |
---|---|---|---|---|
Cvelist | CVE-2021-21409 Possible request smuggling in HTTP/2 due missing validation of content-length | 30 Mar 202115:05 | – | cvelist |
Cvelist | CVE-2021-21295 Possible request smuggling in HTTP/2 due missing validation | 9 Mar 202118:35 | – | cvelist |
Cvelist | CVE-2022-0552 | 11 Apr 202219:38 | – | cvelist |
Prion | Design/Logic Flaw | 30 Mar 202115:15 | – | prion |
Prion | Design/Logic Flaw | 9 Mar 202119:15 | – | prion |
Prion | Design/Logic Flaw | 11 Apr 202220:15 | – | prion |
OSV | Possible request smuggling in HTTP/2 due missing validation | 9 Mar 202118:49 | – | osv |
OSV | CVE-2021-21295 | 9 Mar 202119:15 | – | osv |
OSV | Possible request smuggling in HTTP/2 due missing validation of content-length | 30 Mar 202115:10 | – | osv |
OSV | BIT-zookeeper-2021-21295 | 6 Mar 202411:09 | – | osv |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | netty | 1:4.1.48-4 | netty_1:4.1.48-4_all.deb |
Debian | 11 | all | netty | 1:4.1.48-4 | netty_1:4.1.48-4_all.deb |
Debian | 999 | all | netty | 1:4.1.48-4 | netty_1:4.1.48-4_all.deb |
Debian | 13 | all | netty | 1:4.1.48-4 | netty_1:4.1.48-4_all.deb |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo