5 matches found
ROS-20260216-73-0011
A vulnerability in the io.netty.handler.codec.http.HttpRequestEncoder component of the Netty networking tool is related to the failure to take measures to neutralize CRLF sequences when processing the HttpRequestEncoder parameter. Exploitation of the vulnerability could allow an attacker acting...
CVE-2025-67735
CVE-2025-67735: Netty has a CRLF injection in io.netty.handler.codec.http.HttpRequestEncoder that can enable request smuggling when the URI is not sanitized. Affected versions are prior to 4.1.129.Final and 4.2.8.Final; these versions are stated as having fixes. The vulnerability arises from CRL...
Netty injection vulnerability
Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used to develop Java web applications such as protocol servers and clients. An injection vulnerability exists in Netty versions prior to 4.1.129.Final and prior to 4.2.8.Final, which stems from a CRLF...
Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
Summary: The io.netty.handler.codec.http.HttpRequestEncoder allows CRLF injection through the request uri when constructing a request. This leads to request smuggling when HttpRequestEncoder is used without proper sanitization of the uri. Details: The HttpRequestEncoder simply UTF8 encodes the uri without...
PT-2025-51352
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.129.Final; Netty versions prior to 4.2.8.Final. Description: Netty is an asynchronous, event-driven network application framework. The io.netty.handler.codec.http.HttpRequestEncoder is susceptible to a CRLF injection...