Information Exposure in Netty

2020-06-30T21:01:21
ID GHSA-XFV3-RRFM-F2RV
Type github
Reporter GitHub Advisory Database
Modified 2020-06-30T21:01:21

Description

Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging improper validation of cookie name and value characters.