CVE-2020-7238 - High Severity Vulnerability
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.
Path to vulnerable library: hadoop/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-csi/target/lib/netty-codec-http-4.1.42.Final.jar
Dependency Hierarchy:
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Publish Date: 2020-01-27
URL: CVE-2020-7238
Base Score Metrics:
Type: Upgrade version
Origin: netty/netty#9861
Release Date: 2020-01-27
Fix Resolution: io.netty:netty-all:4.1.44.Final;io.netty:netty-codec-http:4.1.44.Final