CVE-2019-20444: XSS
First published: Wed Jan 29 2020(Updated: )
A HTTP smuggling flaw was found in HttpObjectDecoder.java in Netty in versions prior to version 4.1.44. HTTP headers with an invalid fold, in this case CRLF (carriage return, line feed) without being followed by SP (space) or HTAB (horizontal tab), result in situations where headers can be misread. Data integrity is the highest threat with this vulnerability.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/io.netty:netty | <4.0.0 | |
| maven/org.jboss.netty:netty | <4.0.0 | |
| maven/io.netty:netty-codec-http | >=4.0.0<4.1.44 | 4.1.44 |
| redhat/qpid-proton | <0:0.30.0-4.el6_10 | 0:0.30.0-4.el6_10 |
| redhat/qpid-proton | <0:0.30.0-2.el7 | 0:0.30.0-2.el7 |
| redhat/nodejs-rhea | <0:1.0.16-1.el8 | 0:1.0.16-1.el8 |
| redhat/qpid-proton | <0:0.30.0-3.el8 | 0:0.30.0-3.el8 |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el6ea | 0:4.1.45-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el6ea | 0:2.9.0-2.redhat_00009.1.el6ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el6ea | 0:1.9.4-1.redhat_00002.1.el6ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el6ea | 0:3.0.1-4.b08_redhat_00003.1.el6ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el6ea | 0:2.3.3-4.b02_redhat_00001.1.el6ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el6ea | 0:2.3.5-7.SP3_redhat_00005.1.el6ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el6ea | 0:3.0.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el6ea | 0:5.3.15-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el6ea | 0:9.3.8-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el6ea | 0:1.4.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el6ea | 0:2.9.10.2-1.redhat_00001.1.el6ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el6ea | 0:0.34.1-1.redhat_00002.1.el6ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el6ea | 0:4.0.28-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el6ea | 0:5.0.17-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el6ea | 0:1.3.1-8.Final_redhat_00009.1.el6ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el6ea | 0:2.5.5-23.SP12_redhat_00012.1.el6ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el6ea | 0:4.2.0-1.redhat_00001.1.el6ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el6ea | 0:3.0.10-1.redhat_00001.1.el6ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el6ea | 0:0.13.0-1.redhat_00002.1.el6ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el6ea | 0:7.2.7-4.GA_redhat_00004.1.el6ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el6ea | 0:1.0.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el6ea | 0:1.0.9-2.SP03_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el6ea | 0:1.1.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el6ea | 0:6.0.3-1.redhat_00001.1.el6ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el6ea | 0:2.1.4-1.redhat_00001.1.el6ea |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el7ea | 0:4.1.45-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el7ea | 0:2.9.0-2.redhat_00009.1.el7ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el7ea | 0:1.9.4-1.redhat_00002.1.el7ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el7ea | 0:3.0.1-4.b08_redhat_00003.1.el7ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el7ea | 0:2.3.3-4.b02_redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el7ea | 0:2.3.5-7.SP3_redhat_00005.1.el7ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el7ea | 0:3.0.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el7ea | 0:5.3.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el7ea | 0:9.3.8-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el7ea | 0:1.4.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el7ea | 0:2.9.10.2-1.redhat_00001.1.el7ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el7ea | 0:0.34.1-1.redhat_00002.1.el7ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el7ea | 0:4.0.28-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el7ea | 0:5.0.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el7ea | 0:1.3.1-8.Final_redhat_00009.1.el7ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el7ea | 0:2.5.5-23.SP12_redhat_00012.1.el7ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el7ea | 0:4.2.0-1.redhat_00001.1.el7ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el7ea | 0:3.0.10-1.redhat_00001.1.el7ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el7ea | 0:0.13.0-1.redhat_00002.1.el7ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el7ea | 0:7.2.7-4.GA_redhat_00004.1.el7ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el7ea | 0:1.0.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el7ea | 0:1.0.9-2.SP03_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el7ea | 0:1.1.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el7ea | 0:6.0.3-1.redhat_00001.1.el7ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el7ea | 0:2.1.4-1.redhat_00001.1.el7ea |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el8ea | 0:4.1.45-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el8ea | 0:2.9.0-2.redhat_00009.1.el8ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el8ea | 0:1.9.4-1.redhat_00002.1.el8ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el8ea | 0:3.0.1-4.b08_redhat_00003.1.el8ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el8ea | 0:2.3.3-4.b02_redhat_00001.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el8ea | 0:2.3.5-7.SP3_redhat_00005.1.el8ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el8ea | 0:3.0.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el8ea | 0:5.3.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el8ea | 0:9.3.8-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el8ea | 0:1.4.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el8ea | 0:2.9.10.2-1.redhat_00001.1.el8ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el8ea | 0:0.34.1-1.redhat_00002.1.el8ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el8ea | 0:4.0.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el8ea | 0:5.0.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el8ea | 0:1.3.1-8.Final_redhat_00009.1.el8ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el8ea | 0:2.5.5-23.SP12_redhat_00012.1.el8ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el8ea | 0:4.2.0-1.redhat_00001.1.el8ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el8ea | 0:3.0.10-1.redhat_00001.1.el8ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el8ea | 0:0.13.0-1.redhat_00002.1.el8ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el8ea | 0:7.2.7-4.GA_redhat_00004.1.el8ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el8ea | 0:1.0.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el8ea | 0:1.0.9-2.SP03_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el8ea | 0:1.1.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el8ea | 0:6.0.3-1.redhat_00001.1.el8ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el8ea | 0:2.1.4-1.redhat_00001.1.el8ea |
| Netty Netty | <4.1.44 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =33 | |
| Canonical Ubuntu Linux | =18.04 | |
| Redhat Jboss Amq Clients | =2 | |
| Redhat Jboss Enterprise Application Platform | =7.2 | |
| Redhat Jboss Enterprise Application Platform | =7.3 | |
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| All of | ||
| Any of | ||
| Redhat Jboss Amq Clients | =2 | |
| Redhat Jboss Enterprise Application Platform | =7.2 | |
| Redhat Jboss Enterprise Application Platform | =7.3 | |
| Any of | ||
| Redhat Enterprise Linux | =6.0 | |
| Redhat Enterprise Linux | =7.0 | |
| Redhat Enterprise Linux | =8.0 | |
| debian/netty | 1:4.1.48-4+deb11u2 1:4.1.48-7+deb12u1 1:4.1.48-10 | |
| redhat/netty | <4.1.44 | 4.1.44 |
Remedy
* Use HTTP/2 instead (clear boundaries between requests) * Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2019-20444
- https://github.com/netty/netty/issues/9866
- https://github.com/netty/netty/pull/9871
- https://github.com/netty/netty/compare/netty-4.1.43.Final...netty-4.1.44.Final
- https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986@%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948@%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114@%3Ccommits.druid.apache.org%3E
- https://access.redhat.com/errata/RHSA-2020:0497
- https://access.redhat.com/errata/RHSA-2020:0567
- https://access.redhat.com/errata/RHSA-2020:0601
- https://access.redhat.com/errata/RHSA-2020:0605
- https://access.redhat.com/errata/RHSA-2020:0606
- https://access.redhat.com/errata/RHSA-2020:0804
- https://access.redhat.com/errata/RHSA-2020:0805
- https://access.redhat.com/errata/RHSA-2020:0806
- https://access.redhat.com/errata/RHSA-2020:0811
- https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d@%3Cdev.geode.apache.org%3E
- https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749@%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3@%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d@%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4@%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d@%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f@%3Cdev.geode.apache.org%3E
- https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f@%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6@%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9@%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41@%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f@%3Cdev.flink.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00004.html
- https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://usn.ubuntu.com/4532-1/
- https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec@%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2@%3Ccommits.pulsar.apache.org%3E
- https://www.debian.org/security/2021/dsa-4885
- https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f@%3Cissues.spark.apache.org%3E
- https://github.com/netty/netty/pull/9871/files#diff-e26989b9171ef22c27c9f7d80689cfb059d568c9bd10e75970d96c02d0654878
- https://github.com/advisories/GHSA-cqqj-4p63-rrmm (Advisory)
- https://www.cve.org/CVERecord?id=CVE-2019-20444 https://nvd.nist.gov/vuln/detail/CVE-2019-20444 https://github.com/elastic/elasticsearch/issues/49396
- https://bugzilla.redhat.com/show_bug.cgi?id=1798524
- https://access.redhat.com/errata/RHSA-2020:0922
- https://access.redhat.com/errata/RHSA-2020:1445
- https://access.redhat.com/errata/RHSA-2020:0939
- https://access.redhat.com/errata/RHSA-2020:3196
- https://access.redhat.com/errata/RHSA-2020:2321
- https://access.redhat.com/errata/RHSA-2020:2333
- https://access.redhat.com/errata/RHSA-2020:3192
- https://access.redhat.com/errata/RHSA-2020:3197
- https://access.redhat.com/errata/RHSA-2020:0951
- https://access.redhat.com/security/cve/cve-2019-20444
- https://launchpad.net/bugs/cve/CVE-2019-20444
- https://lists.apache.org/thread.html/r059b042bca47be53ff8a51fd04d95eb01bb683f1afa209db136e8cb7%40%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r0aa8b28e76ec01c697b15e161e6797e88fc8d406ed762e253401106e%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/r0c3d49bfdbc62fd3915676433cc5899c5506d06da1c552ef1b7923a5%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r0f5e72d5f69b4720dfe64fcbc2da9afae949ed1e9cbffa84bb7d92d7%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
- https://lists.apache.org/thread.html/r1fcccf8bdb3531c28bc9aa605a6a1bea7e68cef6fc12e01faafb2fb5%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r205937c85817a911b0c72655c2377e7a2c9322d6ef6ce1b118d34d8d%40%3Cdev.geode.apache.org%3E
- https://lists.apache.org/thread.html/r2f2989b7815d809ff3fda8ce330f553e5f133505afd04ffbc135f35f%40%3Cissues.spark.apache.org%3E
- https://lists.apache.org/thread.html/r310d2ce22304d5298ff87f10134f918c87919b452734f9841d95682d%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r34912a9b1a5c269a77b8be94ef6fb6d1e9b3c69129719dc00f01cf0b%40%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r36fcf538b28f2029e8b4f6b9a772f3b107913a78f09b095c5b153a62%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r489886fe72a98768eed665474cba13bad8d6fe0654f24987706636c5%40%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4c675b2d0cc2a5e506b11ee10d60a378859ee340aca052e4c7ef4749%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r4d3f1d3e333d9c2b2f6e6ae8ed8750d4de03410ac294bcd12c7eefa3%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/r640eb9b3213058a963e18291f903fc1584e577f60035f941e32f760a%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r6945f3c346b7af89bbd3526a7c9b705b1e3569070ebcd0964bcedd7d%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r70b1ff22ee80e8101805b9a473116dd33265709007d2deb6f8c80bf2%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/r7790b9d99696d9eddce8a8c96f13bb68460984294ea6fea3800143e4%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r804895eedd72c9ec67898286eb185e04df852b0dd5fe53cf5b6138f9%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r819aaeb9944bdcfca438dcc51f05650dc728daf64dfd7d774fc2499b%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r832724df393a7ef25ca4c7c2eb83ad2d6c21c74569acda5233f9f1ec%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/r8402d67fdfe9cf169f859d52a7670b28a08eff31e54b522cc1432532%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r86befa74c5cd1482c711134104aec339bf7ae879f2c4437d7ec477d4%40%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r90030b0117490caed526e57271bf4d7f9b012091ac5083c895d16543%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/r91e0fa345c86c128b75a4a791b4b503b53173ff4c13049ac7129d319%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r959474dcf7f88565ed89f6252ca5a274419006cb71348f14764b183d%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/r96e08f929234e8ba1ef4a93a0fd2870f535a1f9ab628fabc46115986%40%3Cdev.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/r9b20cdac704cf9a583400350e2d5b576fa8417c18ddb961201676c60%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra1a71b576a45426af5ee65255be9596ff3181a342f4ba73b800db78f%40%3Cdev.geode.apache.org%3E
- https://lists.apache.org/thread.html/ra2ace4bcb5cf487f72cbcbfa0f8cc08e755ec2b93d7e69f276148b08%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/ra9fbfe7d4830ae675bf34c7c0f8c22fc8a4099f65706c1bc4f54c593%40%3Cissues.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/raaac04b7567c554786132144bea3dcb72568edd410c1e6f0101742e7%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rb3361f6c6a5f834ad3db5e998c352760d393c0891b8d3bea90baa836%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rb84c57670ec48ef23f4d07973b7fa69f629b8e7fcfb48874362feb6f%40%3Ccommits.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rc7eb5634b71d284483e58665b22bf274a69bd184d9bd7ede52015d91%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rcb2c59428f34d4757702f9ae739a8795bda7bea97b857e708a9c62c6%40%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rce71d33747010d32d31d90f5d737dae26291d96552f513a266c92fbb%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E
- https://lists.apache.org/thread.html/rdb69125652311d0c41f6066ff44072a3642cf33a4b5e3c4f9c1ec9c2%40%3Ccommits.pulsar.apache.org%3E
- https://lists.apache.org/thread.html/rdd5d243a5f8ed8b83c0104e321aa420e5e98792a95749e3c9a54c0b9%40%3Ccommon-commits.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/re0b78a3d0a4ba2cf9f4e14e1d05040bde9051d5c78071177186336c9%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/re45ee9256d3233c31d78e59ee59c7dc841c7fbd83d0769285b41e948%40%3Ccommits.druid.apache.org%3E
- https://lists.apache.org/thread.html/re78eaef7d01ad65c370df30e45c686fffff00b37f7bfd78b26a08762%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rf2bf8e2eb0a03227f5bc100b544113f8cafea01e887bb068e8d1fa41%40%3Ccommon-issues.hadoop.apache.org%3E
- https://lists.apache.org/thread.html/rf5b2dfb7401666a19915f8eaef3ba9f5c3386e2066fcd2ae66e16a2f%40%3Cdev.flink.apache.org%3E
- https://lists.apache.org/thread.html/rfb55f245b08d8a6ec0fb4dc159022227cd22de34c4419c2fbb18802b%40%3Cnotifications.zookeeper.apache.org%3E
- https://lists.apache.org/thread.html/rff210a24f3a924829790e69eaefa84820902b7b31f17c3bf2def9114%40%3Ccommits.druid.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://github.com/netty/netty/commit/a7c18d44b46e02dadfe3da225a06e5091f5f328e
- https://security-tracker.debian.org/tracker/CVE-2019-20444
- https://exchange.xforce.ibmcloud.com/vulnerabilities/175487
- https://www.ibm.com/support/pages/node/6520510 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1798525
- https://github.com/elastic/elasticsearch/issues/49396
- https://access.redhat.com/security/cve/CVE-2019-16869
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2024:5856
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
- https://ubuntu.com/security/CVE-2019-20444
Parent vulnerabilities
(Appears in the following advisories)
- collector/github-advisory-latest
- alias/GHSA-cqqj-4p63-rrmm
- alias/CVE-2019-20444
- collector/github-advisory
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/weakness
- agent/remedy
- agent/description
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/last-modified-date
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- package-manager/maven
- package-manager/redhat
- vendor/netty
- canonical/netty netty
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/18.04
- vendor/redhat
- canonical/redhat jboss amq clients
- version/redhat jboss amq clients/2
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.2
- version/redhat jboss enterprise application platform/7.3
- canonical/redhat enterprise linux
- version/redhat enterprise linux/6.0
- version/redhat enterprise linux/7.0
- version/redhat enterprise linux/8.0
- package-manager/debian