advisory-database icon indicating copy to clipboard operation
advisory-database copied to clipboard
verified publisher icon github

[GHSA-cqqj-4p63-rrmm] HTTP Request Smuggling in Netty

Open SunBK201 opened this issue 1 year ago • 1 comments

Updates

  • Affected products

Comments According to Patch, this vulnerability was introduced from 4.0.0.Beta1.

SunBK201 avatar Jun 05 '24 14:06 SunBK201

@SunBK201, as in https://github.com/github/advisory-database/pull/4496, I am unable to find which part of https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323 says that io.netty:netty-codec-http became vulnerable to CVE-2019-20444 in 4.0.0.Beta1. Can you explain how you reached the conclusion that the vulnerability was introduced in 4.0.0.Beta1?

shelbyc avatar Jun 05 '24 15:06 shelbyc