
103 matches found

NVD
added 2022/05/06 12:15 p.m. · 30 views

CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

5.5 CVSS · 0.00401 EPSS
Exploits 1 · References 5

OSV
added 2022/05/06 12:15 p.m. · 2 views

DEBIAN-CVE-2022-24823

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

5.5 CVSS · 6.8 AI score · 0.00401 EPSS
Exploits 1 · References 1

CVE
added 2022/05/06 12:5 p.m. · 516 views

CVE-2022-24823

CVE-2022-24823 affects Netty’s io.netty:netty-codec-http prior to 4.1.77.Final, describing an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders handle uploads and temporary disk storage is enabled, local information can be disclosed via the system temporary directory. This affe...

5.5 CVSS · 6.7 AI score · 0.00401 EPSS
Exploits 1 · References 5 · Affected Software 1

CNNVD
added 2022/05/06 12:0 a.m. · 1 view

Netty security vulnerability

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in Netty's package io.netty:netty-codec-http versions prior to 4.1.77, which stems from...

5.5 CVSS · 7.2 AI score · 0.00401 EPSS
Exploits 1 · References 22

OSV
added 2022/04/11 8:15 p.m. · 23 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

5.9 CVSS · 6.4 AI score · 0.02547 EPSS
Exploits 0 · References 3

CVE
added 2022/04/11 7:38 p.m. · 113 views

CVE-2022-0552

Technical details for CVE-2022-0552 are not provided in the supplied documents. Public details such as affected products, exploitability, and remediation are not present here; please monitor for updates.

5.9 CVSS · 5.7 AI score · 0.0021 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2022/04/11 7:38 p.m. · 30 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects...

6.5 AI score · 0.0021 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/04/11 12:0 a.m. · 2 views

PT-2022-13256 · Unknown · Openshift-Logging/Elasticsearch6-Rhel8 +3

Name of the Vulnerable Software and Affected Versions: origin-aggregated-logging versions 3.11 Description: A flaw was found in the original fix for the netty-codec-http issue, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete, and the vulnerable...

5.9 CVSS · 6.1 AI score · 0.02547 EPSS
Exploits 0 · References 6

RedHat Linux
added 2022/03/02 12:49 p.m. · 95 views

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.2.8)

OpenShift Logging bug fix and security update 5.2.8 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS · 6.8 AI score · 0.02547 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/03/01 6:15 p.m. · 91 views

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

OpenShift Logging bug fix and security update 5.1.9 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS · 6.8 AI score · 0.02547 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/03/01 2:5 p.m. · 68 views

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)

OpenShift Logging bug fix and security update 5.3.5 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS · 6.8 AI score · 0.02547 EPSS
Exploits 0 · References 4

RedhatCVE
added 2022/02/28 3:19 p.m. · 60 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content...

5.9 CVSS · 6.7 AI score · 0.02547 EPSS
Exploits 0 · References 4

RedHat Linux
added 2022/02/14 1:6 p.m. · 3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS · 6.8 AI score · 0.00381 EPSS
Exploits 0 · References 5

Veracode
added 2021/12/10 7:49 a.m. · 61 views

HTTP Request Smuggling

io.netty:netty-codec-http is vulnerable to HTTP request smuggling. Improper validation of control chars, when they are present at the beginning and/or end of the header name leads to HTTP request smuggling which allows an attacker to exploit other remote systems when these headers are used as a...

6.5 CVSS · 3.2 AI score · 0.00381 EPSS
Exploits 0 · References 7 · Affected Software 29

vulnersOsv
added 2021/12/09 7:9 p.m. · 1 view

africa.absa:inception-application (>=1.0.0 <=1.0.1), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3) +35797 more potentially affected by CVE-2021-43797 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.70.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves: CVE-2021-43797 Sourc...

6.5 CVSS · 6.8 AI score · 0.00381 EPSS
Exploits 0

Veracode
added 2021/02/09 8:36 a.m. · 41 views

Information Disclosure

netty-codec-http is vulnerable to information disclosure. When netty's multipart decoders are used, local files containing confidential information can be accessed via the local system temporary directory if temporary storing uploads on the disk is enabled...

6.2 CVSS · 2.4 AI score · 0.00026 EPSS
Exploits 1 · References 69 · Affected Software 26

vulnersOsv
added 2021/02/08 9:17 p.m. · 3 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +33062 more potentially affected by CVE-2021-21290 +1 more via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.58.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2021-21290,...

6.2 CVSS · 6.7 AI score · 0.00401 EPSS
Exploits 2

Positive Technologies
added 2021/02/08 12:0 a.m. · 6 views

PT-2021-7977 · Oracle +4 · Java +4

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http versions prior to 4.1.77.Final Description: The issue is related to insufficient fix for a vulnerability in Netty's multipart decoders, which can lead to local information disclosure via the local system temporary...

7.5 CVSS · 6.3 AI score · 0.944 EPSS
Exploits 25 · References 116

vulnersOsv
added 2020/02/21 6:55 p.m. · 2 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +29415 more potentially affected by CVE-2019-20444 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.43.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2019-20444 Sourc...

9.1 CVSS · 6.8 AI score · 0.1832 EPSS
Exploits 1

Veracode
added 2020/01/31 12:35 a.m. · 57 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists as it improperly handles whitespaces in the Transfer-Encoding, and the Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...

7.5 CVSS · 0.9 AI score · 0.15334 EPSS
Exploits 2 · References 24 · Affected Software 244