Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
netty netty |
||
debian debian linux 10.0 |
||
netapp oncommand workflow automation - |
||
netapp oncommand api services - |
||
oracle coherence 12.2.1.4.0 |
||
oracle coherence 14.1.1.0.0 |
||
oracle banking trade finance process management 14.3.0 |
||
oracle banking credit facilities process management 14.3.0 |
||
oracle banking corporate lending process management 14.3.0 |
||
oracle primavera gateway |
||
oracle banking trade finance process management 14.5.0 |
||
oracle banking credit facilities process management 14.2.0 |
||
oracle banking credit facilities process management 14.5.0 |
||
oracle banking corporate lending process management 14.2.0 |
||
oracle banking corporate lending process management 14.5.0 |
||
oracle banking trade finance process management 14.2.0 |
||
oracle communications messaging server 8.1 |
||
oracle communications brm - elastic charging engine 12.0.0.3 |
||
oracle communications design studio 7.4.2.0.0 |
||
oracle communications cloud native core console 1.7.0 |
||
oracle nosql database |
||
oracle communications cloud native core policy 1.14.0 |
||
oracle helidon 2.4.0 |
||
oracle helidon 1.4.10 |
||
oracle jd edwards enterpriseone tools |
||
quarkus quarkus |
Vulmon