Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0106
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| IBM | Cognos Analytics | Cognos Analytics versions 12.x antérieures à 12.0.4 IF2 | ||
| IBM | Cognos Analytics | Cognos Analytics versions 11.2.x antérieures à 11.2.4 FP5 | ||
| IBM | Security QRadar EDR | Security QRadar EDR versions 3.12.x antérieures à 3.12.15 | ||
| IBM | Db2 | IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 à 4.8 antérieures à v4.8.8 | ||
| IBM | Security QRadar SIEM | QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP11 |
References
| Title | Publication Time | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Cognos Analytics versions 12.x ant\u00e9rieures \u00e0 12.0.4 IF2",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Cognos Analytics versions 11.2.x ant\u00e9rieures \u00e0 11.2.4 FP5",
"product": {
"name": "Cognos Analytics",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "Security QRadar EDR versions 3.12.x ant\u00e9rieures \u00e0 3.12.15",
"product": {
"name": "Security QRadar EDR",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "IBM Db2 on Cloud Pak for Data et Db2 Warehouse on Cloud Pak for Data versions 3.5 \u00e0 4.8 ant\u00e9rieures \u00e0 v4.8.8",
"product": {
"name": "Db2",
"vendor": {
"name": "IBM",
"scada": false
}
}
},
{
"description": "QRadar SIEM versions 7.5.0 ant\u00e9rieures \u00e0 7.5.0 UP11",
"product": {
"name": "Security QRadar SIEM",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2023-29483",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-29483"
},
{
"name": "CVE-2023-7104",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7104"
},
{
"name": "CVE-2020-21469",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-21469"
},
{
"name": "CVE-2024-45020",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45020"
},
{
"name": "CVE-2024-46826",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46826"
},
{
"name": "CVE-2024-42070",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42070"
},
{
"name": "CVE-2023-51714",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-51714"
},
{
"name": "CVE-2021-47366",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-47366"
},
{
"name": "CVE-2024-41093",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41093"
},
{
"name": "CVE-2021-21409",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21409"
},
{
"name": "CVE-2024-36361",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-36361"
},
{
"name": "CVE-2024-35939",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35939"
},
{
"name": "CVE-2024-41009",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41009"
},
{
"name": "CVE-2024-29041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29041"
},
{
"name": "CVE-2019-9641",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9641"
},
{
"name": "CVE-2022-21426",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21426"
},
{
"name": "CVE-2024-39503",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39503"
},
{
"name": "CVE-2024-50268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50268"
},
{
"name": "CVE-2024-42292",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42292"
},
{
"name": "CVE-2024-28849",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-28849"
},
{
"name": "CVE-2016-2193",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2193"
},
{
"name": "CVE-2024-42284",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42284"
},
{
"name": "CVE-2024-43788",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43788"
},
{
"name": "CVE-2024-4068",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4068"
},
{
"name": "CVE-2024-26961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26961"
},
{
"name": "CVE-2024-38608",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38608"
},
{
"name": "CVE-2024-50275",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
},
{
"name": "CVE-2024-49352",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49352"
},
{
"name": "CVE-2023-37920",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-37920"
},
{
"name": "CVE-2024-40924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40924"
},
{
"name": "CVE-2024-22353",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22353"
},
{
"name": "CVE-2020-20703",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-20703"
},
{
"name": "CVE-2024-50125",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50125"
},
{
"name": "CVE-2022-48968",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48968"
},
{
"name": "CVE-2024-47715",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47715"
},
{
"name": "CVE-2024-26976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26976"
},
{
"name": "CVE-2024-56326",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56326"
},
{
"name": "CVE-2024-50267",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50267"
},
{
"name": "CVE-2019-9638",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9638"
},
{
"name": "CVE-2022-49016",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49016"
},
{
"name": "CVE-2023-52492",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52492"
},
{
"name": "CVE-2023-5868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5868"
},
{
"name": "CVE-2019-9639",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9639"
},
{
"name": "CVE-2023-28154",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28154"
},
{
"name": "CVE-2024-27062",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27062"
},
{
"name": "CVE-2024-35839",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35839"
},
{
"name": "CVE-2024-49977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49977"
},
{
"name": "CVE-2024-43889",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43889"
},
{
"name": "CVE-2019-20444",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20444"
},
{
"name": "CVE-2024-29415",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29415"
},
{
"name": "CVE-2024-46820",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46820"
},
{
"name": "CVE-2024-45018",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45018"
},
{
"name": "CVE-2024-33883",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-33883"
},
{
"name": "CVE-2024-43880",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43880"
},
{
"name": "CVE-2024-26615",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26615"
},
{
"name": "CVE-2024-50130",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50130"
},
{
"name": "CVE-2024-4317",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4317"
},
{
"name": "CVE-2024-25026",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-25026"
},
{
"name": "CVE-2024-38586",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38586"
},
{
"name": "CVE-2024-53047",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53047"
},
{
"name": "CVE-2024-31141",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-31141"
},
{
"name": "CVE-2023-5870",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5870"
},
{
"name": "CVE-2024-4067",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-4067"
},
{
"name": "CVE-2024-45769",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45769"
},
{
"name": "CVE-2024-10977",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10977"
},
{
"name": "CVE-2024-27017",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27017"
},
{
"name": "CVE-2018-20506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20506"
},
{
"name": "CVE-2018-20346",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20346"
},
{
"name": "CVE-2024-46845",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-46845"
},
{
"name": "CVE-2024-40983",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40983"
},
{
"name": "CVE-2021-37137",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37137"
},
{
"name": "CVE-2023-5869",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-5869"
},
{
"name": "CVE-2022-49003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-49003"
},
{
"name": "CVE-2024-42079",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42079"
},
{
"name": "CVE-2024-35898",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-35898"
},
{
"name": "CVE-2024-43854",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43854"
},
{
"name": "CVE-2024-44935",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44935"
},
{
"name": "CVE-2024-50124",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50124"
},
{
"name": "CVE-2022-24823",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24823"
},
{
"name": "CVE-2024-49875",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49875"
},
{
"name": "CVE-2019-9020",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9020"
},
{
"name": "CVE-2024-41066",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41066"
},
{
"name": "CVE-2021-37136",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-37136"
},
{
"name": "CVE-2019-9023",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9023"
},
{
"name": "CVE-2024-7348",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-7348"
},
{
"name": "CVE-2024-42244",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42244"
},
{
"name": "CVE-2024-10976",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10976"
},
{
"name": "CVE-2024-41942",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41942"
},
{
"name": "CVE-2021-21295",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21295"
},
{
"name": "CVE-2024-45770",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-45770"
},
{
"name": "CVE-2024-26851",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26851"
},
{
"name": "CVE-2022-48773",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-48773"
},
{
"name": "CVE-2019-12900",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-12900"
},
{
"name": "CVE-2024-50282",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50282"
},
{
"name": "CVE-2024-24857",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24857"
},
{
"name": "CVE-2024-49866",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49866"
},
{
"name": "CVE-2024-49949",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
},
{
"name": "CVE-2021-43797",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43797"
},
{
"name": "CVE-2024-56201",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-56201"
},
{
"name": "CVE-2024-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41092"
},
{
"name": "CVE-2024-5569",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-5569"
},
{
"name": "CVE-2024-29736",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29736"
},
{
"name": "CVE-2019-9021",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-9021"
},
{
"name": "CVE-2024-27268",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-27268"
},
{
"name": "CVE-2024-47535",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47535"
},
{
"name": "CVE-2022-21434",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21434"
},
{
"name": "CVE-2024-41042",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-41042"
},
{
"name": "CVE-2023-2454",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2454"
},
{
"name": "CVE-2022-42004",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42004"
},
{
"name": "CVE-2024-10041",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10041"
},
{
"name": "CVE-2022-34169",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-34169"
},
{
"name": "CVE-2024-43892",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-43892"
},
{
"name": "CVE-2024-50252",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50252"
},
{
"name": "CVE-2024-37890",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-37890"
},
{
"name": "CVE-2024-47668",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-47668"
},
{
"name": "CVE-2017-15010",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15010"
},
{
"name": "CVE-2023-52921",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52921"
},
{
"name": "CVE-2024-53677",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53677"
},
{
"name": "CVE-2024-10978",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10978"
},
{
"name": "CVE-2024-53140",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53140"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2023-2455",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-2455"
},
{
"name": "CVE-2024-39338",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-39338"
},
{
"name": "CVE-2019-20478",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20478"
},
{
"name": "CVE-2024-0985",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-0985"
},
{
"name": "CVE-2024-38541",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38541"
},
{
"name": "CVE-2024-40984",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40984"
},
{
"name": "CVE-2023-52922",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52922"
},
{
"name": "CVE-2024-50274",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50274"
},
{
"name": "CVE-2024-38540",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-38540"
},
{
"name": "CVE-2021-21290",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-21290"
},
{
"name": "CVE-2024-29180",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-29180"
},
{
"name": "CVE-2022-42003",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-42003"
},
{
"name": "CVE-2024-53064",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-53064"
},
{
"name": "CVE-2023-50314",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50314"
},
{
"name": "CVE-2023-52917",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-52917"
},
{
"name": "CVE-2023-26136",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-26136"
},
{
"name": "CVE-2024-44990",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44990"
},
{
"name": "CVE-2023-42282",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-42282"
},
{
"name": "CVE-2024-42301",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-42301"
},
{
"name": "CVE-2024-24786",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24786"
},
{
"name": "CVE-2024-22354",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22354"
},
{
"name": "CVE-2024-50279",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50279"
},
{
"name": "CVE-2022-21476",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21476"
},
{
"name": "CVE-2019-16869",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-16869"
},
{
"name": "CVE-2022-23491",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23491"
},
{
"name": "CVE-2022-21541",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21541"
},
{
"name": "CVE-2024-26924",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-26924"
},
{
"name": "CVE-2022-21540",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-21540"
},
{
"name": "CVE-2024-44989",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-44989"
},
{
"name": "CVE-2018-20505",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-20505"
},
{
"name": "CVE-2024-32007",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-32007"
},
{
"name": "CVE-2024-10979",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-10979"
},
{
"name": "CVE-2019-20445",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20445"
},
{
"name": "CVE-2024-40961",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-40961"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0106",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-02-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
},
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Injection de code indirecte \u00e0 distance (XSS)"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
"vendor_advisories": [
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182424",
"url": "https://www.ibm.com/support/pages/node/7182424"
},
{
"published_at": "2025-02-03",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182335",
"url": "https://www.ibm.com/support/pages/node/7182335"
},
{
"published_at": "2025-02-02",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181898",
"url": "https://www.ibm.com/support/pages/node/7181898"
},
{
"published_at": "2025-02-04",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7181480",
"url": "https://www.ibm.com/support/pages/node/7181480"
},
{
"published_at": "2025-02-05",
"title": "Bulletin de s\u00e9curit\u00e9 IBM 7182696",
"url": "https://www.ibm.com/support/pages/node/7182696"
}
]
}
CVE-2016-2193 (GCVE-0-2016-2193)
Vulnerability from cvelistv5 – Published: 2016-04-11 15:00 – Updated: 2024-08-05 23:24
VLAI
EPSS
Summary
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.postgresql.org/docs/current/static/rel… | x_refsource_CONFIRM |
| http://www.postgresql.org/about/news/1656/ | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1035468 | vdb-entryx_refsource_SECTRACK |
| http://git.postgresql.org/gitweb/?p=postgresql.gi… | x_refsource_CONFIRM |
Date Public
2016-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.639Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-5-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.postgresql.org/about/news/1656/"
},
{
"name": "1035468",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1035468"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-02T09:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/docs/current/static/release-9-5-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.postgresql.org/about/news/1656/"
},
{
"name": "1035468",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1035468"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-2193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/docs/current/static/release-9-5-2.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/current/static/release-9-5-2.html"
},
{
"name": "http://www.postgresql.org/about/news/1656/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1656/"
},
{
"name": "1035468",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035468"
},
{
"name": "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b",
"refsource": "CONFIRM",
"url": "http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-2193",
"datePublished": "2016-04-11T15:00:00.000Z",
"dateReserved": "2016-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.639Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15010 (GCVE-0-2017-15010)
Vulnerability from cvelistv5 – Published: 2017-10-03 16:00 – Updated: 2024-08-05 19:42
VLAI
EPSS
Summary
A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2017:2913 | vendor-advisoryx_refsource_REDHAT |
| https://nodesecurity.io/advisories/525 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/101185 | vdb-entryx_refsource_BID |
| https://access.redhat.com/errata/RHSA-2018:1264 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2017:2912 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2018:1263 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/salesforce/tough-cookie/issues/92 | x_refsource_CONFIRM |
| https://snyk.io/vuln/npm:tough-cookie:20170905 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
Date Public
2017-10-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:42:22.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2017:2913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://nodesecurity.io/advisories/525"
},
{
"name": "101185",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101185"
},
{
"name": "RHSA-2018:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2017:2912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2912"
},
{
"name": "RHSA-2018:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/salesforce/tough-cookie/issues/92"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://snyk.io/vuln/npm:tough-cookie:20170905"
},
{
"name": "FEDORA-2019-76f1b57c1c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-10-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-12T16:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2017:2913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://nodesecurity.io/advisories/525"
},
{
"name": "101185",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101185"
},
{
"name": "RHSA-2018:1264",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2017:2912",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2912"
},
{
"name": "RHSA-2018:1263",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/salesforce/tough-cookie/issues/92"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://snyk.io/vuln/npm:tough-cookie:20170905"
},
{
"name": "FEDORA-2019-76f1b57c1c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-15010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A ReDoS (regular expression denial of service) flaw was found in the tough-cookie module before 2.3.3 for Node.js. An attacker that is able to make an HTTP request using a specially crafted cookie may cause the application to consume an excessive amount of CPU."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2017:2913",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2913"
},
{
"name": "https://nodesecurity.io/advisories/525",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/525"
},
{
"name": "101185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101185"
},
{
"name": "RHSA-2018:1264",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1264"
},
{
"name": "RHSA-2017:2912",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2912"
},
{
"name": "RHSA-2018:1263",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1263"
},
{
"name": "https://github.com/salesforce/tough-cookie/issues/92",
"refsource": "CONFIRM",
"url": "https://github.com/salesforce/tough-cookie/issues/92"
},
{
"name": "https://snyk.io/vuln/npm:tough-cookie:20170905",
"refsource": "CONFIRM",
"url": "https://snyk.io/vuln/npm:tough-cookie:20170905"
},
{
"name": "FEDORA-2019-76f1b57c1c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6VEBDTGNHVM677SLZDEHMWOP3ISMZSFT/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-15010",
"datePublished": "2017-10-03T16:00:00.000Z",
"dateReserved": "2017-10-03T00:00:00.000Z",
"dateUpdated": "2024-08-05T19:42:22.357Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20346 (GCVE-0-2018-20346)
Vulnerability from cvelistv5 – Published: 2018-12-21 21:00 – Updated: 2024-08-05 11:58
VLAI
EPSS
Summary
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
33 references
Date Public
2018-12-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:58:19.161Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/articles/3758321"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106323"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://crbug.com/900910"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-12-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:25.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/articles/3758321"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106323"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://crbug.com/900910"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20346",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries that occur after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases), aka Magellan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://worthdoingbadly.com/sqlitebug/",
"refsource": "MISC",
"url": "https://worthdoingbadly.com/sqlitebug/"
},
{
"name": "https://support.apple.com/HT209446",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209446"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659379"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1659677"
},
{
"name": "[debian-lts-announce] 20181222 [SECURITY] [DLA 1613-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html"
},
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_61",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_61"
},
{
"name": "https://access.redhat.com/articles/3758321",
"refsource": "MISC",
"url": "https://access.redhat.com/articles/3758321"
},
{
"name": "https://support.apple.com/HT209443",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209443"
},
{
"name": "https://blade.tencent.com/magellan/index_en.html",
"refsource": "MISC",
"url": "https://blade.tencent.com/magellan/index_en.html"
},
{
"name": "https://support.apple.com/HT209451",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209451"
},
{
"name": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html",
"refsource": "MISC",
"url": "https://github.com/zhuowei/worthdoingbadly.com/blob/master/_posts/2018-12-14-sqlitebug.html"
},
{
"name": "https://news.ycombinator.com/item?id=18685296",
"refsource": "MISC",
"url": "https://news.ycombinator.com/item?id=18685296"
},
{
"name": "https://support.apple.com/HT209450",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209450"
},
{
"name": "https://sqlite.org/src/info/940f2adc8541a838",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"name": "https://support.apple.com/HT209448",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209448"
},
{
"name": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/chromium/src/+/c368e30ae55600a1c3c9cb1710a54f9c55de786e"
},
{
"name": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html",
"refsource": "MISC",
"url": "https://www.mail-archive.com/sqlite-users@mailinglists.sqlite.org/msg113218.html"
},
{
"name": "106323",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106323"
},
{
"name": "https://crbug.com/900910",
"refsource": "MISC",
"url": "https://crbug.com/900910"
},
{
"name": "https://sqlite.org/src/info/d44318f59044162e",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/d44318f59044162e"
},
{
"name": "FreeBSD-EN-19:03",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-EN-19:03.sqlite.asc"
},
{
"name": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html",
"refsource": "MISC",
"url": "https://chromereleases.googleblog.com/2018/12/stable-channel-update-for-desktop.html"
},
{
"name": "https://www.sqlite.org/releaselog/3_25_3.html",
"refsource": "MISC",
"url": "https://www.sqlite.org/releaselog/3_25_3.html"
},
{
"name": "https://support.apple.com/HT209447",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT209447"
},
{
"name": "openSUSE-SU-2019:1159",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00040.html"
},
{
"name": "openSUSE-SU-2019:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "GLSA-201904-21",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201904-21"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "FEDORA-2019-49f80a78bc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PU4NZ6DDU4BEM3ACM3FM6GLEPX56ZQXK/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20346",
"datePublished": "2018-12-21T21:00:00.000Z",
"dateReserved": "2018-12-21T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:58:19.161Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20505 (GCVE-0-2018-20505)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:51 – Updated: 2024-08-05 12:05
VLAI
EPSS
Summary
SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
22 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-19T18:06:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/64",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/66",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/67",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/68",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/69",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"name": "http://www.securityfocus.com/bid/106698",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106698"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/28",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/29",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/31",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/32",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/33",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/39",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"name": "https://support.apple.com/kb/HT209443",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209443"
},
{
"name": "https://support.apple.com/kb/HT209446",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209446"
},
{
"name": "https://support.apple.com/kb/HT209447",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209447"
},
{
"name": "https://support.apple.com/kb/HT209448",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209448"
},
{
"name": "https://support.apple.com/kb/HT209450",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209450"
},
{
"name": "https://support.apple.com/kb/HT209451",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "https://sqlite.org/src/info/1a84668dcfdebaf12415d",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/1a84668dcfdebaf12415d"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20505",
"datePublished": "2019-04-03T17:51:41.000Z",
"dateReserved": "2018-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:05:17.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-20506 (GCVE-0-2018-20506)
Vulnerability from cvelistv5 – Published: 2019-04-03 17:50 – Updated: 2024-08-05 12:05
VLAI
EPSS
Summary
SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a "merge" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
27 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:05:17.401Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-31T07:06:33.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/106698"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209443"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209446"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209447"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209448"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209450"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQLite before 3.25.3, when the FTS3 extension is enabled, encounters an integer overflow (and resultant buffer overflow) for FTS3 queries in a \"merge\" operation that occurs after crafted changes to FTS3 shadow tables, allowing remote attackers to execute arbitrary code by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases). This is a different vulnerability than CVE-2018-20346."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://sqlite.org/src/info/940f2adc8541a838",
"refsource": "MISC",
"url": "https://sqlite.org/src/info/940f2adc8541a838"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/62",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/62"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/64",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/64"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/66",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/66"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/67",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/67"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/68",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/68"
},
{
"name": "http://seclists.org/fulldisclosure/2019/Jan/69",
"refsource": "MISC",
"url": "http://seclists.org/fulldisclosure/2019/Jan/69"
},
{
"name": "http://www.securityfocus.com/bid/106698",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/106698"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/28",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/28"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/29",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/29"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/31",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/31"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/32",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/32"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/33",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/33"
},
{
"name": "https://seclists.org/bugtraq/2019/Jan/39",
"refsource": "MISC",
"url": "https://seclists.org/bugtraq/2019/Jan/39"
},
{
"name": "https://support.apple.com/kb/HT209443",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209443"
},
{
"name": "https://support.apple.com/kb/HT209446",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209446"
},
{
"name": "https://support.apple.com/kb/HT209447",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209447"
},
{
"name": "https://support.apple.com/kb/HT209448",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209448"
},
{
"name": "https://support.apple.com/kb/HT209450",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209450"
},
{
"name": "https://support.apple.com/kb/HT209451",
"refsource": "MISC",
"url": "https://support.apple.com/kb/HT209451"
},
{
"name": "openSUSE-SU-2019:1222",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00070.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190502-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190502-0004/"
},
{
"name": "USN-4019-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-1/"
},
{
"name": "USN-4019-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4019-2/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2340-1] sqlite3 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00037.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10365"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-20506",
"datePublished": "2019-04-03T17:50:54.000Z",
"dateReserved": "2018-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:05:17.401Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-12900 (GCVE-0-2019-12900)
Vulnerability from cvelistv5 – Published: 2019-06-19 22:07 – Updated: 2025-06-09 15:57
VLAI
EPSS
Summary
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
Severity
9.8 (Critical)
CWE
- n/a
Assigner
References
23 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:32:55.554Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2019-12900",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-09T15:54:12.653578Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-09T15:57:25.396Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-17T13:06:11.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-12900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190624 [SECURITY] [DLA 1833-1] bzip2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"
},
{
"name": "USN-4038-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4038-2/"
},
{
"name": "USN-4038-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4038-1/"
},
{
"name": "20190715 [slackware-security] bzip2 (SSA:2019-195-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Jul/22"
},
{
"name": "[debian-lts-announce] 20190718 [SECURITY] [DLA 1833-2] bzip2 regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html"
},
{
"name": "openSUSE-SU-2019:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html"
},
{
"name": "FreeBSD-SA-19:18",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"
},
{
"name": "20190806 FreeBSD Security Advisory FreeBSD-SA-19:18.bzip2",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2019/Aug/4"
},
{
"name": "openSUSE-SU-2019:1918",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html"
},
{
"name": "USN-4146-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4146-1/"
},
{
"name": "USN-4146-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4146-2/"
},
{
"name": "[debian-lts-announce] 20191010 [SECURITY] [DLA 1953-1] clamav security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html"
},
{
"name": "[debian-lts-announce] 20191014 [SECURITY] [DLA 1953-2] clamav regression update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html"
},
{
"name": "openSUSE-SU-2019:2595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html"
},
{
"name": "openSUSE-SU-2019:2597",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html"
},
{
"name": "[kafka-users] 20200413 CVEs for the dependency software guava and rocksdbjni of Kafka",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b@%3Cusers.kafka.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"
},
{
"name": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"
},
{
"name": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc",
"refsource": "MISC",
"url": "https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc"
},
{
"name": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K68713584?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "[flink-user] 20210716 Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4@%3Cuser.flink.apache.org%3E"
},
{
"name": "[flink-user] 20210717 Re: Flink 1.13.1 - Vulnerabilities CVE-2019-12900 for librocksdbjni",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774@%3Cuser.flink.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-12900",
"datePublished": "2019-06-19T22:07:57.000Z",
"dateReserved": "2019-06-19T00:00:00.000Z",
"dateUpdated": "2025-06-09T15:57:25.396Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-16869 (GCVE-0-2019-16869)
Vulnerability from cvelistv5 – Published: 2019-09-26 15:28 – Updated: 2025-07-07 16:57
VLAI
EPSS
Summary
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
81 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:24:48.659Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/issues/9571"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final"
},
{
"name": "[zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
},
{
"name": "[tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac%40%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2019:3901",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3901"
},
{
"name": "[olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd%40%3Cdev.olingo.apache.org%3E"
},
{
"name": "DSA-4597",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4597"
},
{
"name": "20200105 [SECURITY] [DSA 4597-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/6"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a%40%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f%40%3Ccommits.cassandra.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-07T16:57:29.928Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/netty/netty/issues/9571"
},
{
"url": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final"
},
{
"name": "[zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2019:3901",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3901"
},
{
"name": "[olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E"
},
{
"name": "[olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E"
},
{
"name": "DSA-4597",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4597"
},
{
"name": "20200105 [SECURITY] [DSA 4597-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://seclists.org/bugtraq/2020/Jan/6"
},
{
"name": "RHSA-2020:0164",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f@%3Ccommits.cassandra.apache.org%3E"
},
{
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-16869/5.0.0.Alpha1/exploit"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-16869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a \"Transfer-Encoding : chunked\" line), which leads to HTTP request smuggling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/issues/9571",
"refsource": "MISC",
"url": "https://github.com/netty/netty/issues/9571"
},
{
"name": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final",
"refsource": "MISC",
"url": "https://github.com/netty/netty/compare/netty-4.1.41.Final...netty-4.1.42.Final"
},
{
"name": "[zookeeper-dev] 20190930 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e39931d7cdd17241e69a0a09a89d99d7435bcc59afee8a9628d67769@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty with CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6e1e34c0d5635a987d595df9e532edac212307243bb1b49eead6d55b@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2494a2ac7f66af6e4646a4937b17972a4ec7cd3c7333c66ffd6c639d@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Updated] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/76540c8b0ed761bfa6c81fa28c13057f13a5448aed079d656f6a3c79@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Created] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - netty-3.10.6.Final.jar: CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9128111213b7b734ffc85db08d8f789b00a85a7f241b708e55debbd0@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20190930 [SECURITY] [DLA 1941-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00035.html"
},
{
"name": "[zookeeper-issues] 20190930 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d3eb0dbea75ef5c400bd49dfa1901ad50be606cca3cb29e0d01b6a54@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191001 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/3e6d7aae1cca10257e3caf2d69b22f74c875f12a1314155af422569d@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191001 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/37ed432b8eb35d8bd757f53783ec3e334bd51f514534432bea7f1c3d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20191002 Re: [VOTE] Apache ZooKeeper release 3.5.6 candidate 2",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/bdf7a5e597346a75d2d884ca48c767525e35137ad59d8f10b8fc943c@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/380f6d2730603a2cd6b0a8bea9bcb21a86c199147e77e448c5f7390b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch master updated: ZOOKEEPER-3563: Update Netty to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cf5aa087632ead838f8ac3a42e9837684e7afe6e0fcb7704e0c73bc0@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-commits] 20191003 [zookeeper] branch branch-3.5.6 updated: ZOOKEEPER-3563: Update Netty to fix CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/cbf6e6a04cb37e9320ad20e437df63beeab1755fc0761918ed5c5a6e@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191003 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/2e1cf538b502713c2c42ffa46d81f4688edb5676eb55bd9fc4b4fed7@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Resolved] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/a0f77c73af32cbe4ff0968bfcbbe80ae6361f3dccdd46f3177547266@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20191008 [jira] [Commented] (ZOOKEEPER-3563) dependency check failing on 3.4 and 3.5 branches - CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b2cd51795f938632c6f60a4c59d9e587fbacd7f7d0e0a3684850a30f@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
},
{
"name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
},
{
"name": "[tinkerpop-commits] 20191022 [tinkerpop] branch tp34 updated: Bump to Netty 4.1.42 fixes CVE-2019-16869 - CTR",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e192fe8797c192679759ffa6b15e4d0806546945a41d8ebfbc6ee3ac@%3Ccommits.tinkerpop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d14f721e0099b914daebe29bca199fde85d8354253be9d6d3d46507a@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20191113 [jira] [Created] (CASSANDRA-15418) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5 for Cassendra 2.2.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f6c5ebfb018787c764f000362d59e4b231c0a36b6253aa866de8c64e@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "RHSA-2019:3892",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3892"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2019:3901",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3901"
},
{
"name": "[olingo-dev] 20191206 [jira] [Updated] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/6063699b87b501ecca8dd3b0e82251bfc85f29363a9b46ac5ace80cf@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Created] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d7d530599dc7813056c712213e367b68cdf56fb5c9b73f864870bc4c@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/af6e9c2d716868606523857a4cd7a5ee506e6d1710f5fb0d567ec030@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Assigned] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/19fed892608db1efe5a5ce14372137669ff639df0205323959af7de3@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191206 [jira] [Resolved] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b264fa5801e87698e9f43f2b5585fbc5ebdc26c6f4aad861b258fb69@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[olingo-dev] 20191209 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b3dda6399a0ea2b647624b899fd330fca81834e41b13e3e11e1002d8@%3Cdev.olingo.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Updated] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ee6faea9e542c0b90afd70297a9daa203e20d41aa2ac7fca6703662f@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Created] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/860acce024d79837e963a51a42bab2cef8e8d017aad2b455ecd1dcf0@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191219 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/0acadfb96176768caac79b404110df62d14d30aa9d53b6dbdb1407ac@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Resolved] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/51923a9ba513b2e816e02a9d1fd8aa6f12e3e4e99bbd9dc884bccbbe@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Issue Comment Deleted] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/681493a2f9b63f5b468f741d88d1aa51b2cfcf7a1c5b74ea8c4343fb@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Comment Edited] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/799eb85d67cbddc1851a3e63a07b55e95b2f44f1685225d38570ce89@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Commented] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/64b10f49c68333aaecf00348c5670fe182e49fd60d45c4a3ab241f8b@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-issues] 20191220 [jira] [Reopened] (SPARK-30308) Update Netty and Netty-all to address CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/b3ddeebbfaf8a288d7de8ab2611cf2609ab76b9809f0633248546b7c@%3Cissues.spark.apache.org%3E"
},
{
"name": "[olingo-dev] 20191227 [jira] [Commented] (OLINGO-1414) Dependency check fails on 4.7.0 : CVE-2019-16869 on Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/35961d1ae00849974353a932b4fef12ebce074541552eceefa04f1fd@%3Cdev.olingo.apache.org%3E"
},
{
"name": "DSA-4597",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4597"
},
{
"name": "20200105 [SECURITY] [DSA 4597-1] netty security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/6"
},
{
"name": "RHSA-2020:0164",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0164"
},
{
"name": "RHSA-2020:0159",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0159"
},
{
"name": "RHSA-2020:0160",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0160"
},
{
"name": "RHSA-2020:0161",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0161"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
},
{
"name": "RHSA-2020:0445",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0445"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] crazywen opened a new pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r831e0548fad736a98140d0b3b7dc575af0c50faea0b266434ba813cc@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] coveralls commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcddf723a4b4117f8ed6042e9ac25e8c5110a617bab77694b61b14833@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[rocketmq-dev] 20201224 [GitHub] [rocketmq] codecov-io commented on pull request #2517: fix CVE-2019-16869, CVE-2018-8020",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb25b42f666d2cac5e6e6b3f771faf60d1f1aa58073dcdd8db14edf8a@%3Cdev.rocketmq.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Created] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210526 [jira] [Updated] (CASSANDRA-16699) Security vulnerability CVE-2020-7238 for Netty",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Commented] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3225f7dfe6b8a37e800ecb8e31abd7ac6c4312dbd3223dd8139c37bb@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210924 [jira] [Updated] (CASSANDRA-15417) CVE-2019-16869(Netty is vulnerable to HTTP Request Smuggling) of severity 7.5",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r73c400ab66d79821dec9e3472f0e2c048d528672bdb0f8bf44d7cb1f@%3Ccommits.cassandra.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-16869",
"datePublished": "2019-09-26T15:28:25.000Z",
"dateReserved": "2019-09-25T00:00:00.000Z",
"dateUpdated": "2025-07-07T16:57:29.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20444 (GCVE-0-2019-20444)
Vulnerability from cvelistv5 – Published: 2020-01-29 20:33 – Updated: 2025-07-01 18:01
VLAI
EPSS
Summary
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
67 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.018Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/issues/9866"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b%40%3Cdev.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0601",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6%40%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid fold.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T18:01:08.474Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/netty/netty/issues/9866"
},
{
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E"
},
{
"url": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0601",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
},
{
"url": "https://github.com/poc-effectiveness/PoCAdaptation/tree/main/Adapted/CVE-2019-20444/5.0.0.Alpha1/exploit"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an \"invalid fold.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/issues/9866",
"refsource": "MISC",
"url": "https://github.com/netty/netty/issues/9866"
},
{
"name": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final",
"refsource": "MISC",
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java8 #38",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-branch36-java11 #39",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200204 Build failed in Jenkins: zookeeper-master-maven-jdk11 #361",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200219 [jira] [Assigned] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "[hadoop-common-issues] 20200224 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200225 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0601",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Updated] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200309 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch trunk updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.2 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-commits] 20200309 [hadoop] branch branch-3.1 updated: HADOOP-16871. Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444, CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-issues] 20200310 [jira] [Commented] (HADOOP-16871) Upgrade Netty version to 4.1.45.Final to handle CVE-2019-20444,CVE-2019-16869",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[camel-commits] 20201120 [camel] branch camel-2.25.x updated: Updating Netty to 4.1.48.Final to fix some CVEs (e.g. CVE-2019-16869, CVE-2019-20444)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20444",
"datePublished": "2020-01-29T20:33:17.000Z",
"dateReserved": "2020-01-29T00:00:00.000Z",
"dateUpdated": "2025-07-01T18:01:08.474Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20445 (GCVE-0-2019-20445)
Vulnerability from cvelistv5 – Published: 2020-01-29 20:33 – Updated: 2024-08-05 02:39
VLAI
EPSS
Summary
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
54 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/netty/netty/issues/9861"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 Re: [VOTE] Apache ZooKeeper release 3.6.0 candidate 1",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "RHSA-2020:0601",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[spark-issues] 20200309 [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d%40%3Creviews.spark.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[flume-issues] 20200410 [jira] [Created] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200415 [jira] [Updated] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200422 [jira] [Commented] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-24T10:06:21.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/netty/netty/issues/9861"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 Re: [VOTE] Apache ZooKeeper release 3.6.0 candidate 1",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45%40%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "RHSA-2020:0601",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[spark-issues] 20200309 [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11%40%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d%40%3Creviews.spark.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E"
},
{
"name": "[flume-issues] 20200410 [jira] [Created] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200415 [jira] [Updated] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200422 [jira] [Commented] (FLUME-3363) CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2%40%3Cissues.flume.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final",
"refsource": "MISC",
"url": "https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final"
},
{
"name": "https://github.com/netty/netty/issues/9861",
"refsource": "MISC",
"url": "https://github.com/netty/netty/issues/9861"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] ccaominh commented on a change in pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] zachjsh opened a new pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20200131 [GitHub] [druid] gianm merged pull request #9300: Fix / suppress netty CVEs CVE-2019-20445 and CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 [jira] [Created] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-dev] 20200203 Re: [VOTE] Apache ZooKeeper release 3.6.0 candidate 1",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r81700644754e66ffea465c869cb477de25f8041e21598e8818fc2c45@%3Cdev.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Assigned] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200203 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200204 [jira] [Resolved] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Updated] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E"
},
{
"name": "[zookeeper-issues] 20200209 [jira] [Commented] (ZOOKEEPER-3716) upgrade netty 4.1.42 to address CVE-2019-20444 CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E"
},
{
"name": "RHSA-2020:0497",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0497"
},
{
"name": "[cassandra-commits] 20200218 [jira] [Created] (CASSANDRA-15590) Upgrade io.netty_netty-all dependency to fix security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2109-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html"
},
{
"name": "[debian-lts-announce] 20200219 [SECURITY] [DLA 2110-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html"
},
{
"name": "RHSA-2020:0601",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0601"
},
{
"name": "RHSA-2020:0606",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0606"
},
{
"name": "RHSA-2020:0605",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0605"
},
{
"name": "RHSA-2020:0567",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0567"
},
{
"name": "[spark-issues] 20200309 [jira] [Created] (SPARK-31095) Upgrade netty version to fix security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb5c065e7bd701b0744f9f28ad769943f91745102716c1eb516325f11@%3Cissues.spark.apache.org%3E"
},
{
"name": "[spark-reviews] 20200310 [GitHub] [spark] dongjoon-hyun commented on issue #27870: [SPARK-31095][BUILD][2.4] Upgrade netty-all to 4.1.47.Final",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r46f93de62b1e199f3f9babb18128681677c53493546f532ed88c359d@%3Creviews.spark.apache.org%3E"
},
{
"name": "RHSA-2020:0806",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0806"
},
{
"name": "RHSA-2020:0811",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0811"
},
{
"name": "RHSA-2020:0804",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0804"
},
{
"name": "RHSA-2020:0805",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0805"
},
{
"name": "[geode-dev] 20200408 Proposal to bring GEODE-7969 to support/1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E"
},
{
"name": "[geode-dev] 20200408 Re: Proposal to bring GEODE-7969 to support/1.12",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E"
},
{
"name": "[flume-issues] 20200410 [jira] [Created] (FLUME-3363) CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4ff40646e9ccce13560458419accdfc227b8b6ca4ead3a8a91decc74@%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200415 [jira] [Updated] (FLUME-3363) CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r030beff88aeb6d7a2d6cd21342bd18686153ce6e26a4171d0e035663@%3Cissues.flume.apache.org%3E"
},
{
"name": "[flume-issues] 20200422 [jira] [Commented] (FLUME-3363) CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rbdb59c683d666130906a9c05a1d2b034c4cc08cda7ed41322bd54fe2@%3Cissues.flume.apache.org%3E"
},
{
"name": "[cassandra-commits] 20200604 [jira] [Created] (CASSANDRA-15856) Security vulnerabilities with dependency jars of Cassandra 3.11.6",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2365-1] netty-3.9 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html"
},
{
"name": "[debian-lts-announce] 20200904 [SECURITY] [DLA 2364-1] netty security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html"
},
{
"name": "[flink-issues] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E"
},
{
"name": "[flink-dev] 20200910 [jira] [Created] (FLINK-19195) question on security vulnerabilities in flink",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E"
},
{
"name": "USN-4532-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4532-1/"
},
{
"name": "FEDORA-2020-66b5f85ccc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/"
},
{
"name": "[pulsar-commits] 20201215 [GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210120 [GitHub] [pulsar] fmiguelez opened a new issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210121 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20210122 [GitHub] [pulsar] hpvd commented on issue #9249: Upgrade Netty dependency in broker to solve vulnerabilities: CVE-2019-16869, CVE-2020-11612, CVE-2019-20445, CVE-2019-20444",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "DSA-4885",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4885"
},
{
"name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
},
{
"name": "[spark-issues] 20210824 [jira] [Created] (SPARK-36572) Upgrade version of io.netty to 4.1.44.Final to solve CVE-2019-20444 and CVE-2019-20445",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20445",
"datePublished": "2020-01-29T20:33:03.000Z",
"dateReserved": "2020-01-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-20478 (GCVE-0-2019-20478)
Vulnerability from cvelistv5 – Published: 2020-02-19 03:09 – Updated: 2024-08-05 02:39
VLAI
EPSS
Summary
In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/47655 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:39:10.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/47655"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-19T03:09:08.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/47655"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-20478",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ruamel.yaml through 0.16.7, the load method allows remote code execution if the application calls this method with an untrusted argument. In other words, this issue affects developers who are unaware of the need to use methods such as safe_load in these use cases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/47655",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/47655"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20478",
"datePublished": "2020-02-19T03:09:08.000Z",
"dateReserved": "2020-02-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T02:39:10.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…