Lucene search

K
osvGoogleOSV:GHSA-CQQJ-4P63-RRMM
HistoryFeb 21, 2020 - 6:55 p.m.

HTTP Request Smuggling in Netty

2020-02-2118:55:24
Google
osv.dev
29
netty
http
request smuggling
invalid header interpretation
software

EPSS

0.009

Percentile

82.4%

HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an “invalid fold.”

References