Ethern Su created CASSANDRA-16699:
-------------------------------------

             Summary: Security vulnerability CVE-2020-7238 for Netty
                 Key: CASSANDRA-16699
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16699
             Project: Cassandra
          Issue Type: Bug
            Reporter: Ethern Su


*Cassandra Version: 3.11.10*

*Description:*
*Severity:* NVD CVSS:3.1 7.5 High

*Affecting Package*: netty-all 4.0.44.Final

*Source:* National Vulnerability Database

*Explanation from NVD:* Netty 4.1.43.Final allows HTTP Request Smuggling 
because it mishandles Transfer-Encoding whitespace (such as a 
[space]Transfer-Encoding:chunked line) and a later Content-Length header. This 
issue exists because of an incomplete fix for CVE-2019-16869.

*Recommendation:* Upgrade package io.netty#netty-all to version 4.1.44.Final or 
above.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
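
The NVD text quoted in the issue above describes a request whose framing is ambiguous: a whitespace-prefixed `Transfer-Encoding:chunked` line followed by a `Content-Length` header. The following is an added example, not part of the issue and not Netty or Cassandra code: a strict RFC 7230-style check that a front end or test harness could apply to a request head. The function name `framing_problems` and both sample requests are constructed for illustration.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

def framing_problems(raw_head: bytes) -> list:
    """Return reasons to reject a request head; an empty list means acceptable."""
    problems, names = [], []
    head = raw_head.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    for line in head.split("\r\n")[1:]:          # element 0 is the request line
        if not line:
            continue
        if line[0] in " \t":
            # Whitespace-prefixed line: strict parsers reject it, lenient ones
            # may treat it as a header or as a continuation of the previous one.
            problems.append("leading-whitespace: %r" % line)
            line = line.lstrip(" \t")            # keep parsing as a lenient peer might
        name, sep, _value = line.partition(":")
        if not sep:
            problems.append("no-colon: %r" % line)
            continue
        if not TOKEN.match(name):
            # Covers whitespace between the field name and the colon.
            problems.append("bad-field-name: %r" % name)
        names.append(name.strip().lower())
    if "transfer-encoding" in names and "content-length" in names:
        # Two framing headers: hops that disagree on which wins see different bodies.
        problems.append("te-and-cl: both Transfer-Encoding and Content-Length present")
    if names.count("content-length") > 1:
        problems.append("duplicate-content-length")
    return problems

# Constructed sample: the header shape named in the NVD description (no body).
AMBIGUOUS = (b"POST / HTTP/1.1\r\nHost: example.test\r\n"
             b" Transfer-Encoding:chunked\r\nContent-Length: 4\r\n\r\n")
# Constructed sample: an ordinary request with a single framing header.
CLEAN = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 4\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("ambiguous", AMBIGUOUS), ("clean", CLEAN)):
        print(label, framing_problems(req) or "ok")
```

Rejecting on any returned reason, rather than picking one interpretation, removes the disagreement between hops that request smuggling relies on.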
