CVE-2022-24823 JavaScript framework Netty has an exploitable flaw in version 4.1.77.Final that allows attackers to execute arbitrary code as the Netty HTTP server admin.

A fix for this issue was committed to the `io.netty` Git repository on October 1st, 2018. Additionally, a new release of Netty is being prepared which will fix this vulnerability in `io.netty:netty-codec-http` as well as many other issues. Stay tuned for details on this release. If you'd like to help in testing the new version of Netty, please see the [getting started guide](https://github.com/kr/netty/blob/master/RELEASES.md#testing-new-releases).

IMPORTANT: If you are using the [Netty 4.x series](https://github.com/kr/netty/releases), please upgrade to the latest version. The new version of Netty fixes many other issues as well as the issue described above. If you are using the [Netty 3.x series](https://github.com/kr/netty/releases), please upgrade to the latest version. Stay tuned for details on the release of Netty 3.15.1.

Summary of vulnerability

IO.Netty is a Java networking library which is used by many websites to create HTTP endpoints. An issue was found that can allow an attacker to send a specially crafted request which would execute arbitrary code on the server when processed.

What is an HTTP Header?

An HTTP header is a name/value pair that is sent, usually in the headers of the HTTP response, by a Web server to the client.
The header contains metadata about the request. The HTTP specification defines several standardized headers which must be followed, but there are also many custom headers defined within specific applications.
A header is part of an HTTP request and can appear multiple times in a request message.
