HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| io.netty:netty-codec-http(Maven) | 0 | 4.1.44 | N/A |
| org.jboss.netty:netty(Maven) | 0 | N/A | N/A |
| io.netty:netty(Maven) | 0 | N/A | N/A |
CVSS Metrics
