HTTP Request Smuggling in Netty

2020-02-21T18:55:50
ID GHSA-FF2W-CQ2G-WV5F
Type github
Reporter GitHub Advisory Database
Modified 2020-02-21T18:55:50

Description

Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.