Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
Vulnerability Description
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.132.Final and 4.2.10.Final, Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Versions 4.1.132.Final and 4.2.10.Final fix the issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
HTTP请求的解释不一致性(HTTP请求私运)
Vulnerability Title
Netty 环境问题漏洞
Vulnerability Description
Netty是Netty社区的一款非阻塞I/O客户端-服务器框架,它主要用于开发Java网络应用程序,如协议服务器和客户端等。 Netty 4.1.132.Final之前版本和4.2.10.Final之前版本存在环境问题漏洞,该漏洞源于HTTP/1.1分块传输编码扩展值中引号字符串解析错误,可能导致请求夹带攻击。
CVSS Information
N/A
Vulnerability Type
N/A