CVE-2021-21295
Netty CVE-2021-21295 affects io.netty:netty-codec-http2 prior to 4.1.60.Final, where Content-Length validation can be bypassed when HTTP/2 is downgraded to HTTP/1.1 in proxied scenarios, enabling HTTP request smuggling. The issue occurs when HTTP2MultiplexCodec/Http2FrameCodec are used and Http2S...