CVE-2019-20444 @ Maven-io.netty:netty-codec-http-4.1.42.Final

**Vulnerable Package** issue exists @ **Maven\-io.netty:netty\-codec\-http\-4.1.42.Final** in branch **master**

HttpObjectDecoder.java in Netty before 4.1.44 and 5.x up to 5.0.0.Alpha2 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

**Namespace:** ytang1-godaddy
**Repository:** aws-cdk-examples
**Repository Url:** https://github.com/ytang1-godaddy/aws-cdk-examples
**CxAST\-Project:** ytang1-godaddy/aws-cdk-examples
**CxAST platform scan:** [9299eec0\-db6d\-4aaf\-a84e\-cae2611689d7](https://ast.checkmarx.net/projects/7a1af0bd-2dea-49ba-95a7-1d42135abd64/scans?id=9299eec0-db6d-4aaf-a84e-cae2611689d7&branch=master)
**Branch:** master
**Application:** aws-cdk-examples
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-444


----
**Additional Info**
**Attack vector:** NETWORK
**Attack complexity:** LOW
**Confidentiality impact:** HIGH
**Availability impact:** NONE
**Remediation Upgrade Recommendation:** 4.1.71.Final


----
**References**
[Issue](https://github.com/netty/netty/issues/9866)
[Pull request](https://github.com/netty/netty/pull/9871)
[Commit](https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2019-20444 @ Maven-io.netty:netty-codec-http-4.1.42.Final #30

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2019-20444 @ Maven-io.netty:netty-codec-http-4.1.42.Final #30

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions