CVE-2019-16869HIGHCVSS 7.5

HTTP Request Smuggling in Netty

Published Oct 11, 2019·Updated Jun 29, 2026

Description

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Affected Packages (3)

io.netty:nettyMAVEN
From 3.3.0.Final
Fixed in = 4.0.0.Alpha8
org.jboss.netty:nettyMAVEN
Fixed in = 3.2.9.Final
io.netty:netty-allMAVEN
From 4.0.0.Beta1
Fixed in 4.1.42.Final

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free