Remediate High io.netty:netty-all vulnerability #112

Open
Lilalamar opened this issue Apr 30, 2020 · 0 comments
Snyk reports the following High severity vulnerability in HumanCellAtlas/data-consumer-vignettes. Please remediate by the end of Q2 Milestone 2.

Description
io.netty:netty-all

Suggested Remediation
Upgrade io.netty:netty-all to version 4.1.44.Final or higher.

Details
io.netty:netty-all is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Affected versions of this package are vulnerable to HTTP Request Smuggling due to the package mishandling Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header when using HTTP/1.1. This issue exists because of an incomplete fix for CVE-2019-16869.
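
A defensive check for the framing ambiguity described under Details, as an added example that is not part of the original issue and not Netty's code: it flags a request head whose header names are not valid RFC 7230 tokens (which covers a whitespace-prefixed Transfer-Encoding line) or that carries both Transfer-Encoding and Content-Length. The function name and the two sample requests are constructed for illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


def framing_problems(raw_head: bytes) -> list:
    """Return the reasons a request head has ambiguous message framing."""
    problems = []
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    names = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, _value = line.partition(":")
        if not sep:
            problems.append(f"header line without colon: {line!r}")
            continue
        if not TOKEN.fullmatch(name):
            # Leading whitespace or whitespace before the colon lands here.
            # Parsers disagree on such lines, which is what makes the
            # framing ambiguous between a front end and a back end.
            problems.append(f"invalid header name: {name!r}")
        # Normalise the way a lenient parser would, so the conflict
        # check below still sees the header.
        names.append(name.strip().lower())
    if "transfer-encoding" in names and "content-length" in names:
        problems.append("both Transfer-Encoding and Content-Length present")
    return problems


# Constructed sample inputs (headers only).
CLEAN = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
         b"Content-Length: 5\r\n\r\nhello")
AMBIGUOUS = (b"POST /upload HTTP/1.1\r\nHost: example.test\r\n"
             b" Transfer-Encoding:chunked\r\nContent-Length: 5\r\n\r\n")

if __name__ == "__main__":
    for label, req in (("clean", CLEAN), ("ambiguous", AMBIGUOUS)):
        print(label, framing_problems(req))
```

A proxy or application filter that rejects any request for which this returns a non-empty list closes the ambiguity regardless of which parser sits behind it; upgrading io.netty:netty-all as suggested above remains the actual fix.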
