Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2026/06/17 4:18 p.m.9 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/06/17 3:45 p.m.8 views

netty-codec-http: Netty: Data manipulation via request-boundary confusion in HttpObjectDecoder

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS5.3AI score0.00232EPSS
Exploits0References7
OSV
OSV
added 2026/06/15 8:46 p.m.8 views

GHSA-HVCG-QMG6-JM4C Netty: HttpObjectDecoder skips arbitrary initial control characters when only initial CRLF characters are permitted

Summary Before reading the first request-line, HttpObjectDecoder skips every byte for which Character.isISOControlb is true 0x00–0x1F and 0x7F as well as all whitespace. RFC 9112 §2.2 only asks servers to ignore empty CRLF lines preceding the request-line — a carefully scoped robustness allowance...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/15 8:36 a.m.15 views

CVE-2026-50020

A flaw was found in Netty. The HttpObjectDecoder component, which processes incoming HTTP requests, incorrectly skips certain control characters and whitespace before reading the first request line. This behavior, which goes beyond standard HTTP protocol requirements, can lead to request-boundary...

5.3CVSS4.9AI score0.00232EPSS
Exploits0References6
CVE
CVE
added 2026/06/12 2:55 p.m.74 views

CVE-2026-50020

Netty (network framework) contains a flaw in HttpObjectDecoder: prior to reading the first request-line, it ignores all ISO control bytes (0x00–0x1F, 0x7F) plus whitespace, beyond what RFC 9112 allows. This can cause request-boundary confusion in pipelined or multiplexed transports. Affects Netty...

5.3CVSS5.4AI score0.00232EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder