HTTP Response Splitting SNYK-JAVA-IONETTY-3167773

## Overview
[io.netty:netty-codec](https://github.com/netty/netty) is an event-driven asynchronous network application framework.

Affected versions of this package are vulnerable to HTTP Response Splitting when calling `DefaultHttpHeaders.set` on an iterator of values, because header value validation is not performed.

## Workaround
This vulnerability can be worked around by changing the `DefaultHttpHeaders.set(CharSequence, Iterator<?>)` call into a `remove()` call, and calling `add()` in a loop over the iterator.
## Remediation
Upgrade `io.netty:netty-codec` to version 4.1.86.Final or higher.
## References
- [GitHub Commit](https://github.com/netty/netty/commit/fe18adff1c2b333acb135ab779a3b9ba3295a1c4)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

HTTP Response Splitting SNYK-JAVA-IONETTY-3167773 #539

Overview

Workaround

Remediation

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

HTTP Response Splitting SNYK-JAVA-IONETTY-3167773 #539

Description

Overview

Workaround

Remediation

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions