All vulnerabilities
CVE-2019-20445
HTTP Request Smuggling in Netty
Description
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgrading
Score
9.1
Severity
Critical
Ecosystem
Java
Publish Date
February 21, 2020
Modified Date
November 7, 2023
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Versions

