HTTP Request Smuggling in Netty

2020-02-21T18:55:24
ID GHSA-CQQJ-4P63-RRMM
Type github
Reporter GitHub Advisory Database
Modified 2020-02-21T18:55:24

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."