92 matches found

RedHat Linux
added 2022/03/01 6:15 p.m. · 94 views

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.1.9)

OpenShift Logging bug fix and security update (5.1.9). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 · AI score 6.8 · EPSS 0.02547
Exploits 0 · References 4

RedHat Linux
added 2022/03/01 2:5 p.m. · 69 views

Moderate: Red Hat Security Advisory: OpenShift Logging bug fix and security update (5.3.5)

OpenShift Logging bug fix and security update (5.3.5). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 7.5 · AI score 6.8 · EPSS 0.02547
Exploits 0 · References 4

RedhatCVE
added 2022/02/28 3:19 p.m. · 60 views

CVE-2022-0552

A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content...

CVSS 5.9 · AI score 6.7 · EPSS 0.02547
Exploits 0 · References 4

RedHat Linux
added 2022/02/14 1:6 p.m. · 3 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

CVSS 6.5 · AI score 6.8 · EPSS 0.00381
Exploits 0 · References 5

vulnersOsv
added 2021/12/09 7:9 p.m. · 1 views

africa.absa:inception-application (>=1.0.0 <=1.0.1), ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3) +35797 more potentially affected by CVE-2021-43797 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.70.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =1.0.0, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.28.0 and more Source cves: CVE-2021-43797 Sourc...

CVSS 6.5 · AI score 6.8 · EPSS 0.00381
Exploits 0

Veracode
added 2021/02/09 8:36 a.m. · 42 views

Information Disclosure

netty-codec-http is vulnerable to information disclosure. When netty's multipart decoders are used, local files containing confidential information can be accessed via the local system temporary directory if temporarily storing uploads on disk is enabled...

CVSS 6.2 · AI score 2.4 · EPSS 0.00026
Exploits 1 · References 69 · Affected Software 26

Positive Technologies
added 2021/02/08 12:0 a.m. · 6 views

PT-2021-7977 · Oracle +4 · Java +4

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http versions prior to 4.1.77.Final
Description: The issue is related to an insufficient fix for a vulnerability in Netty's multipart decoders, which can lead to local information disclosure via the local system temporary...

CVSS 7.5 · AI score 6.3 · EPSS 0.94395
Exploits 25 · References 116

vulnersOsv
added 2020/02/21 6:55 p.m. · 2 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.3), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.3) +29415 more potentially affected by CVE-2019-20444 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.43.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves: CVE-2019-20444 Sourc...

CVSS 9.1 · AI score 6.8 · EPSS 0.1832
Exploits 1

Veracode
added 2020/01/31 12:35 a.m. · 58 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists because it improperly handles whitespace in the Transfer-Encoding and Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...

CVSS 7.5 · AI score 0.9 · EPSS 0.15334
Exploits 2 · References 24 · Affected Software 244

Veracode
added 2020/01/30 4:36 a.m. · 35 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not properly validate duplicate Content-Length header fields and the Transport-Encoding headers, allowing a remote attacker to smuggle HTTP request by submitting a malicious Transport-Encoding header...

CVSS 9.1 · AI score 3 · EPSS 0.03657
Exploits 1 · References 92 · Affected Software 4

Veracode
added 2019/10/29 8:30 a.m. · 9 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service. An IndexOutOfBoundsException occurs when the application parses an incorrect Content-Type value that starts with a semi-colon (;) in a multipart form request, allowing an attacker to cause a denial of service condition...

AI score 4.6
Exploits 0

Veracode
added 2016/12/13 2:22 a.m. · 8 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service (DoS) attacks. These attacks are possible because it does not respect the limit on the maximum HTTP header size: control characters are skipped indefinitely and the parsing never ends...

AI score 6.5
Exploits 0