[Checkmarx][OSA] CVE-2019-16869 - Score 7.5 - io.netty:netty-codec-http:4.1.46.Final
miguelfreitas93 opened this issue · comments
** Library Details **
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
** Recommendations **
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
** Library Details **
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
** Library Severity Details **
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
** CVE Details **
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
** Recommendations **
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Library Details
Library ID: 4DDA2B2EC3B88691029D601A2462830FBB81855E
Library Name: io.netty:netty-codec-http
Library Version: 4.1.46.Final
Library Source File Name:
Library Confidence Level: 100
Library Severity Details
Library High Vulnerabilities: 0
Library Medium Vulnerabilities: 0
Library Low Vulnerabilities: 0
CVE Details
CVE Name: CVE-2019-16869
CVE Score: 7.5
Severity: High
State: TO_VERIFY
CVE Publish Date: 2019-09-26T16:15:00
CVE URL: https://nvd.nist.gov/vuln/detail/CVE-2019-16869
CVE Description: Netty before 4.1.42.Final and 5.0.x through 5.0.0-Alpha2 mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Recommendations
Library Newest Version: 4.1.50.Final
Library Newest Version Release Date: 2020-05-13T07:05:02
Library Number of Versions Since Last Update: 4
Recommendations: Upgrade to 4.1.48.Final
Vulnerability does not exist anymore
Vulnerability does not exist anymore