Skip to content

Remediate High io.netty:netty-all vulnerability #112

New issue
New issue
Open
Open
Remediate High io.netty:netty-all vulnerability#112
Assignees
chmreid
@Lilalamar

Description

@Lilalamar
Lilalamar
opened on Apr 30, 2020

Snyk reports the following High severity vulnerability in HumanCellAtlas/data-consumer-vignettes. Please remediate by the end of Q2 Milestone 2.

Description
io.netty:netty-all

Suggested Remediation
Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

Details
io.netty:netty-all is a asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions