High severityNVD Advisory· Published Jan 27, 2020· Updated Aug 4, 2024
CVE-2020-7238
CVE-2020-7238
Description
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.netty:netty-handlerMaven | >= 4.1.43, < 4.1.45 | 4.1.45 |
Affected products
2- Netty/Nettydescription
Patches
Vulnerability mechanics
References
26- access.redhat.com/errata/RHSA-2020:0497ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0567ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0601ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0605ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0606ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0804ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0805ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0806ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2020:0811ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-ff2w-cq2g-wv5fghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-7238ghsaADVISORY
- www.debian.org/security/2021/dsa-4885ghsavendor-advisoryx_refsource_DEBIANWEB
- github.com/jdordonezn/CVE-2020-72381/issues/1ghsax_refsource_MISCWEB
- github.com/netty/netty/issues/9861ghsaWEB
- github.com/netty/netty/pull/9865ghsaWEB
- lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3EghsaWEB
- lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3Emitremailing-listx_refsource_MLIST
- lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3EghsaWEB
- lists.debian.org/debian-lts-announce/2020/02/msg00017.htmlghsamailing-listx_refsource_MLISTWEB
- lists.debian.org/debian-lts-announce/2020/02/msg00018.htmlghsamailing-listx_refsource_MLISTWEB
- lists.debian.org/debian-lts-announce/2020/09/msg00003.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46ghsaWEB
- netty.io/newsghsaWEB
- netty.io/news/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.