CVE-2019-16869

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://github.com/netty/netty/issues/9571", "name": "https://github.com/netty/netty/issues/9571", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final", "name": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html", "name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E", "name": "[zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E", "name": "[zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E", "name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E", "name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E", "name": "[zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E", "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E", "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E", "name": "[tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3892", "name": "RHSA-2019:3892", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E", "name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2019:3901", "name": "RHSA-2019:3901", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E", "name": "[spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E", "name": "[olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://www.debian.org/security/2020/dsa-4597", "name": "DSA-4597", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "https://seclists.org/bugtraq/2020/Jan/6", "name": "20200105 [SECURITY] [DSA 4597-1] netty security update", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "BUGTRAQ"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0164", "name": "RHSA-2020:0164", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0159", "name": "RHSA-2020:0159", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0160", "name": "RHSA-2020:0160", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0161", "name": "RHSA-2020:0161", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E", "name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://access.redhat.com/errata/RHSA-2020:0445", "name": "RHSA-2020:0445", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html", "name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E", "name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E", "name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E", "name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E", "name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html", "name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E", "name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E", "name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://usn.ubuntu.com/4532-1/", "name": "USN-4532-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E", "name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E", "name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E", "name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E", "name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E", "name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb@%3Ccommits.cassandra.apache.org%3E", "name": "[cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-444"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-16869", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2019-09-26T16:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "4.1.42"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-03-30T14:21Z"}