CVE-2019-20445

Published: Jan 29, 2020

Modified: Aug 5, 2024

PUBLISHED

Description

HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final

x_refsource_MISC

https://github.com/netty/netty/issues/9861

x_refsource_MISC

[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444

mailing-list

x_refsource_MLIST

[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444

mailing-list

x_refsource_MLIST

[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

[zookeeper-dev] 20200203 Re: [VOTE] Apache ZooKeeper release 3.6.0 candidate 1

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E

x_refsource_MISC

[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E

x_refsource_MISC

[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E

x_refsource_MISC

https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E

x_refsource_MISC

[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445

mailing-list

x_refsource_MLIST

RHSA-2020:0497

vendor-advisory

x_refsource_REDHAT

[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update

mailing-list

x_refsource_MLIST

RHSA-2020:0601

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0606

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0605

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0567

vendor-advisory

x_refsource_REDHAT

[spark-issues] 20200309 [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities

mailing-list

x_refsource_MLIST

[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final

mailing-list

x_refsource_MLIST

RHSA-2020:0806

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0811

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0804

vendor-advisory

x_refsource_REDHAT

RHSA-2020:0805

vendor-advisory

x_refsource_REDHAT

[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12

mailing-list

x_refsource_MLIST

[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12

mailing-list

x_refsource_MLIST

[flume-issues] 20200410 [jira] [Created] (FLUME-3363) CVE-2019-20445

mailing-list

x_refsource_MLIST

[flume-issues] 20200415 [jira] [Updated] (FLUME-3363) CVE-2019-20445

mailing-list

x_refsource_MLIST

[flume-issues] 20200422 [jira] [Commented] (FLUME-3363) CVE-2019-20445

mailing-list

x_refsource_MLIST

[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6

mailing-list

x_refsource_MLIST

[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update

mailing-list

x_refsource_MLIST

[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink

mailing-list

x_refsource_MLIST

[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink

mailing-list

x_refsource_MLIST

USN-4532-1

vendor-advisory

x_refsource_UBUNTU

FEDORA-2020-66b5f85ccc

vendor-advisory

x_refsource_FEDORA

[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list

mailing-list

x_refsource_MLIST

[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444

mailing-list

x_refsource_MLIST

[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444

mailing-list

x_refsource_MLIST

[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444

mailing-list

x_refsource_MLIST

DSA-4885

vendor-advisory

x_refsource_DEBIAN

[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx

mailing-list

x_refsource_MLIST

[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-20445

Description

Affected Products

References