{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-7238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "url": "https://netty.io/news/", "refsource": "MISC", "name": "https://netty.io/news/" }, { "refsource": "MISC", "name": "https://github.com/jdordonezn/CVE-2020-72381/issues/1", "url": "https://github.com/jdordonezn/CVE-2020-72381/issues/1" }, { "refsource": "REDHAT", "name": "RHSA-2020:0497", "url": "https://access.redhat.com/errata/RHSA-2020:0497" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html" }, { "refsource": "REDHAT", "name": "RHSA-2020:0601", "url": "https://access.redhat.com/errata/RHSA-2020:0601" }, { "refsource": "REDHAT", "name": "RHSA-2020:0606", "url": "https://access.redhat.com/errata/RHSA-2020:0606" }, { "refsource": "REDHAT", "name": "RHSA-2020:0605", "url": "https://access.redhat.com/errata/RHSA-2020:0605" }, { "refsource": "REDHAT", "name": "RHSA-2020:0567", "url": "https://access.redhat.com/errata/RHSA-2020:0567" }, { "refsource": "REDHAT", "name": "RHSA-2020:0806", "url": "https://access.redhat.com/errata/RHSA-2020:0806" }, { "refsource": "REDHAT", "name": "RHSA-2020:0811", "url": "https://access.redhat.com/errata/RHSA-2020:0811" }, { "refsource": "REDHAT", "name": "RHSA-2020:0804", "url": "https://access.redhat.com/errata/RHSA-2020:0804" }, { "refsource": "REDHAT", "name": "RHSA-2020:0805", "url": "https://access.redhat.com/errata/RHSA-2020:0805" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update", "url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html" }, { "refsource": "FEDORA", "name": "FEDORA-2020-66b5f85ccc", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/" }, { "refsource": "DEBIAN", "name": "DSA-4885", "url": "https://www.debian.org/security/2021/dsa-4885" }, { "refsource": "MLIST", "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty", "url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E" } ] } }