CVE-2022-41915 affecting dependency maven:io.netty:netty-codec:4.1.85.Final

[john-latham]

IntelliJ reports, for the dependency com.pusher:pusher-http-java:1.3.3:

---

Provides transitive vulnerable dependency maven:io.netty:netty-codec:4.1.85.Final

CVE-2022-41915 6.5 Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerability with medium severity found
https://devhub.checkmarx.com/cve-details/CVE-2022-41915

Results powered by Checkmarx(c)

[benjamin-tang-pusher]

Hi, thanks for bringing this to our attention. I will take a look at the dependency.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you'd like this issue to stay open please leave a comment indicating how this issue is affecting you. Thank you.

[john-latham]

Security vulnerability should not be closed as stale. Please re-open.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you'd like this issue to stay open please leave a comment indicating how this issue is affecting you. Thank you.