Description
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles
Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked
line) and a later Content-Length header. This issue exists because of an
incomplete fix for CVE-2019-16869.
Ubuntu-Description
It was discovered that Netty has HTTP request smuggling vulnerability. A
remote attacker could use it to extract sensitive information.
Package
Upstream: | needs-triage
|
Ubuntu 18.04 LTS: | not-affected
(3.9.9.Final-1+deb9u1)
|
Ubuntu 20.04 LTS: | DNE
|
Ubuntu 21.10: | DNE
|
Ubuntu 22.04 LTS: | DNE
|
Ubuntu 14.04 ESM: | DNE
|
Patches:
Updated: 2022-04-25 00:50:55 UTC (commit ecc1009cb19540b950de59270950018900f37f15)