  • Vulnerabilities: 3 via 3 paths
  • Dependencies: 4
  • Source: GitHub
  • Commit: 606500dd

high severity

HTTP Request Smuggling

  • Vulnerable module: io.netty:netty-all
  • Introduced through: io.netty:netty-all@4.1.42.Final

Detailed paths

  • Introduced through: ferrybig/teamspeak-query@ferrybig/teamspeak-query#606500dd440bbfac69fcd37bbc1e6b46ff2982c8 io.netty:netty-all@4.1.42.Final
    Remediation: Upgrade to io.netty:netty-all@4.1.44.Final.

Overview

io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling: they accept an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax or as an "invalid fold."

Remediation

Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

high severity

HTTP Request Smuggling

  • Vulnerable module: io.netty:netty-all
  • Introduced through: io.netty:netty-all@4.1.42.Final

Detailed paths

  • Introduced through: ferrybig/teamspeak-query@ferrybig/teamspeak-query#606500dd440bbfac69fcd37bbc1e6b46ff2982c8 io.netty:netty-all@4.1.42.Final
    Remediation: Upgrade to io.netty:netty-all@4.1.44.Final.

Overview

io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.

NOTE: This vulnerability has also been identified as: CVE-2019-20445

Remediation

Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

high severity

HTTP Request Smuggling

  • Vulnerable module: io.netty:netty-all
  • Introduced through: io.netty:netty-all@4.1.42.Final

Detailed paths

  • Introduced through: ferrybig/teamspeak-query@ferrybig/teamspeak-query#606500dd440bbfac69fcd37bbc1e6b46ff2982c8 io.netty:netty-all@4.1.42.Final
    Remediation: Upgrade to io.netty:netty-all@4.1.44.Final.

Overview

io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.

NOTE: This vulnerability has also been identified as: CVE-2020-7238

Remediation

Upgrade io.netty:netty-all to version 4.1.44.Final or higher.
