ferrybig/teamspeak-query

Vulnerabilities

2 via 2 paths

Dependencies

4

Source

GitHub

Commit

606500dd

Find, fix and prevent vulnerabilities in your code.

Severity
  • 2
Status
  • 2
  • 0
  • 0

high severity

HTTP Request Smuggling

  • Vulnerable module: io.netty:netty-all
  • Introduced through: io.netty:netty-all@4.1.42.Final

Detailed paths

  • Introduced through: ferrybig/teamspeak-query@ferrybig/teamspeak-query#606500dd440bbfac69fcd37bbc1e6b46ff2982c8 io.netty:netty-all@4.1.42.Final
    Remediation: Upgrade to io.netty:netty-all@4.1.44.Final.

Overview

io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling. It allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax or as an "invalid fold."

Remediation

Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

References

high severity

HTTP Request Smuggling

  • Vulnerable module: io.netty:netty-all
  • Introduced through: io.netty:netty-all@4.1.42.Final

Detailed paths

  • Introduced through: ferrybig/teamspeak-query@ferrybig/teamspeak-query#606500dd440bbfac69fcd37bbc1e6b46ff2982c8 io.netty:netty-all@4.1.42.Final
    Remediation: Upgrade to io.netty:netty-all@4.1.44.Final.

Overview

io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients.

Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.

Remediation

Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

References