HTTP Request Smuggling in Netty

2020-02-21T18:55:24
ID GHSA-CQQJ-4P63-RRMM
Type github
Reporter GitHub Advisory Database
Modified 2021-01-08T21:29:54

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."