CVE-2019-20445
CVE-2019-20445
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://access.redhat.com/errata/RHSA-2020:0497https://access.redhat.com/errata/RHSA-2020:0567https://access.redhat.com/errata/RHSA-2020:0601https://access.redhat.com/errata/RHSA-2020:0605https://access.redhat.com/errata/RHSA-2020:0606https://access.redhat.com/errata/RHSA-2020:0804https://access.redhat.com/errata/RHSA-2020:0805https://access.redhat.com/errata/RHSA-2020:0806https://access.redhat.com/errata/RHSA-2020:0811https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Finalhttps://github.com/netty/netty/issues/9861https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E