Details
Description
As per CVE-2019-16869, netty mishandled whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which lead to HTTP request smuggling.
This issue has been resolved in version 4.1.42.Final for both netty and netty-all packages.
Attachments
Issue Links
- is part of
-
SPARK-29445 Bump netty-all from 4.1.39.Final to 4.1.42.Final
- Resolved