  1. JBeret
  2. JBERET-490

Upgrade io.netty:netty-all to ~> 4.1.42 to address security vulnerability


Details

    • Task
    • Resolution: Done
    • Major
    • 1.4.0.Final
    • None
    • jberet-core
    • None

    Description

      Remediation

      Upgrade io.netty:netty-all to version 4.1.42 or later. For example:

      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-all</artifactId>
        <version>[4.1.42,)</version>
      </dependency>
      

      CVE-2019-16869
      moderate severity
      Vulnerable versions: < 4.1.42
      Patched version: 4.1.42

      Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
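
The header form described above can also be spotted in captured or proxied traffic. The following check is an added example, not code from JBeret or Netty: it flags header lines whose field name is not a bare token immediately followed by the colon, as RFC 7230 section 3.2.4 requires. The function name, the sample request and the inclusion of Content-Length as a second framing header are assumptions made for illustration.

```python
import re

# Characters RFC 7230 allows in a header field name ("token").
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

# Headers that decide where a request body ends. Transfer-Encoding is the one
# named in the CVE text; Content-Length is added here as an assumption because
# it is the other message-framing header.
_FRAMING = {b"transfer-encoding", b"content-length"}


def find_malformed_header_names(raw_request):
    """Return (line_number, line, is_framing) for every header line whose
    field name is not a token directly followed by ':'."""
    head, _, _ = raw_request.partition(b"\r\n\r\n")
    findings = []
    # Line 1 is the request line, so header lines start at 2.
    for number, line in enumerate(head.split(b"\r\n")[1:], start=2):
        name, colon, _ = line.partition(b":")
        if colon and _TOKEN.fullmatch(name):
            continue  # well-formed field name
        is_framing = name.strip().lower() in _FRAMING
        findings.append((number, line, is_framing))
    return findings


# Constructed sample: one header has a space before the colon.
SAMPLE_REQUEST = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: example.test\r\n"
    b"Content-Length: 4\r\n"
    b"Transfer-Encoding : chunked\r\n"
    b"\r\n"
    b"0\r\n\r\n"
)

if __name__ == "__main__":
    for number, line, is_framing in find_malformed_header_names(SAMPLE_REQUEST):
        label = "framing header" if is_framing else "header"
        print(f"line {number}: malformed {label}: {line!r}")
```

A finding with is_framing set to True deserves priority, since that header determines how each hop delimits the request body.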

          People

            cfang@redhat.com Cheng Fang