Get ahead
VMware offers training and certification to turbo-charge your progress.
Learn moreCVE-2019-16869: Reactor Netty Consumes a Vulnerable Version of Netty
Description
Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of netty (versions prior to 4.1.42), which incorrectly handles whitespace before a colon in headers, leading to HTTP request smuggling attacks.
References
- https://pivotal.io/security/cve-2019-16869
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16869
History
2019-10-28: Initial vulnerability report published.
Reporting a vulnerability
To report a security vulnerability for a project within the Spring portfolio, see the Security Policy
Get support
Tanzu Spring offers support and binaries for OpenJDK™, Spring, and Apache Tomcat® in one simple subscription.
Learn moreUpcoming events
Check out all the upcoming events in the Spring community.
View all