Vulnerable Package issue exists @ Maven-io.netty:netty-codec-http-4.1.42.Final in branch master
Netty before 4.1.44.Final, 5.0.0.Alpha1 and 5.0.0.Alpha2 allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
Namespace: ytang1-godaddy
Repository: aws-cdk-examples
Repository Url: https://github.com/ytang1-godaddy/aws-cdk-examples
CxAST-Project: ytang1-godaddy/aws-cdk-examples
CxAST platform scan: 9299eec0-db6d-4aaf-a84e-cae2611689d7
Branch: master
Application: aws-cdk-examples
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-444
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: NONE
Availability impact: NONE
Remediation Upgrade Recommendation: 4.1.71.Final