CVE-2019-16869: Reactor Netty Consumes a Vulnerable Version of Netty
Reactor Netty, versions 0.8.x prior to 0.8.13 and 0.9.x prior to 0.9.1, depends on vulnerable versions of Netty (versions prior to 4.1.42), which incorrectly handle whitespace before a colon in headers, leading to HTTP request smuggling attacks.
Affected VMware Products and Versions
Severity is high unless otherwise noted.
- 0.8 versions prior to 0.8.13.RELEASE
- 0.9 versions prior to 0.9.1.RELEASE
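To check whether a build resolves one of these versions, the following added example (not part of the original advisory or of the Reactor Netty project) scans a Maven dependency listing against the ranges stated above. The `mvn dependency:list` line format, the Maven coordinates `io.projectreactor.netty:reactor-netty` and `io.netty:netty-*`, and the sample listing are assumptions that do not appear in the advisory.

```python
import re

# Ranges from the advisory: (first affected, first fixed) per Reactor Netty line.
REACTOR_NETTY_RANGES = [((0, 8, 0), (0, 8, 13)), ((0, 9, 0), (0, 9, 1))]
NETTY_FIXED = (4, 1, 42)

# Assumed input format: `mvn dependency:list` coordinates,
# group:artifact:type[:classifier]:version:scope
COORD = re.compile(
    r"([\w.\-]+):([\w.\-]+):[\w\-]+:(?:[\w.\-]+:)?(\d[\w.\-]*):\w+")

# Constructed sample listing, not taken from a real project.
SAMPLE = """\
[INFO]    io.projectreactor.netty:reactor-netty:jar:0.8.12.RELEASE:compile
[INFO]    io.netty:netty-codec-http:jar:4.1.39.Final:compile
[INFO]    io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.42.Final:compile
[INFO]    io.projectreactor:reactor-core:jar:3.2.12.RELEASE:compile
"""


def parse_version(text):
    """Leading numeric x.y.z as a tuple; suffixes (.RELEASE, .Final) are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(group, artifact, version):
    v = parse_version(version)
    if v is None:
        return False
    if group == "io.projectreactor.netty" and artifact.startswith("reactor-netty"):
        return any(lo <= v < fixed for lo, fixed in REACTOR_NETTY_RANGES)
    if group == "io.netty" and artifact.startswith("netty-"):
        # Lower bound keeps separately versioned artifacts (e.g. netty-tcnative 2.x) out.
        return (4, 0, 0) <= v < NETTY_FIXED
    return False


def find_affected(listing):
    """Return group:artifact:version for every affected coordinate in the listing."""
    hits = []
    for line in listing.splitlines():
        m = COORD.search(line)
        if m and is_affected(*m.groups()):
            hits.append(":".join(m.groups()))
    return hits


if __name__ == "__main__":
    for hit in find_affected(SAMPLE):
        print("affected:", hit)
```

Because version suffixes are ignored, milestone or snapshot builds of a fixed version number are reported as not affected and need a manual check.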
Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include:
2019-10-28: Initial vulnerability report published.