CVE-2020-7238
First published: Sun Jan 26 2020(Updated: )
A flaw was found in Netty, where it mishandles Transfer-Encoding whitespace. This flaw allows HTTP Request Smuggling.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/qpid-proton | <0:0.30.0-4.el6_10 | 0:0.30.0-4.el6_10 |
| redhat/qpid-proton | <0:0.30.0-2.el7 | 0:0.30.0-2.el7 |
| redhat/nodejs-rhea | <0:1.0.16-1.el8 | 0:1.0.16-1.el8 |
| redhat/qpid-proton | <0:0.30.0-3.el8 | 0:0.30.0-3.el8 |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el6ea | 0:4.1.45-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el6ea | 0:2.9.0-2.redhat_00009.1.el6ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el6ea | 0:1.9.4-1.redhat_00002.1.el6ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el6ea | 0:3.0.1-4.b08_redhat_00003.1.el6ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el6ea | 0:2.3.3-4.b02_redhat_00001.1.el6ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el6ea | 0:2.3.5-7.SP3_redhat_00005.1.el6ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el6ea | 0:3.0.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el6ea | 0:5.3.15-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el6ea | 0:9.3.8-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el6ea | 0:1.4.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el6ea | 0:2.9.10.2-1.redhat_00001.1.el6ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el6ea | 0:0.34.1-1.redhat_00002.1.el6ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el6ea | 0:4.0.28-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el6ea | 0:5.0.17-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el6ea | 0:1.3.1-8.Final_redhat_00009.1.el6ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el6ea | 0:2.5.5-23.SP12_redhat_00012.1.el6ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el6ea | 0:4.2.0-1.redhat_00001.1.el6ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el6ea | 0:3.0.10-1.redhat_00001.1.el6ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el6ea | 0:0.13.0-1.redhat_00002.1.el6ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el6ea | 0:7.2.7-4.GA_redhat_00004.1.el6ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el6ea | 0:1.0.20-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el6ea | 0:1.0.9-2.SP03_redhat_00001.1.el6ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el6ea | 0:1.1.9-1.Final_redhat_00001.1.el6ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el6ea | 0:6.0.3-1.redhat_00001.1.el6ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el6ea | 0:2.1.4-1.redhat_00001.1.el6ea |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el7ea | 0:4.1.45-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el7ea | 0:2.9.0-2.redhat_00009.1.el7ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el7ea | 0:1.9.4-1.redhat_00002.1.el7ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el7ea | 0:3.0.1-4.b08_redhat_00003.1.el7ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el7ea | 0:2.3.3-4.b02_redhat_00001.1.el7ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el7ea | 0:2.3.5-7.SP3_redhat_00005.1.el7ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el7ea | 0:3.0.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el7ea | 0:5.3.15-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el7ea | 0:9.3.8-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el7ea | 0:1.4.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el7ea | 0:2.9.10.2-1.redhat_00001.1.el7ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el7ea | 0:0.34.1-1.redhat_00002.1.el7ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el7ea | 0:4.0.28-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el7ea | 0:5.0.17-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el7ea | 0:1.3.1-8.Final_redhat_00009.1.el7ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el7ea | 0:2.5.5-23.SP12_redhat_00012.1.el7ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el7ea | 0:4.2.0-1.redhat_00001.1.el7ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el7ea | 0:3.0.10-1.redhat_00001.1.el7ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el7ea | 0:0.13.0-1.redhat_00002.1.el7ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el7ea | 0:7.2.7-4.GA_redhat_00004.1.el7ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el7ea | 0:1.0.20-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el7ea | 0:1.0.9-2.SP03_redhat_00001.1.el7ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el7ea | 0:1.1.9-1.Final_redhat_00001.1.el7ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el7ea | 0:6.0.3-1.redhat_00001.1.el7ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el7ea | 0:2.1.4-1.redhat_00001.1.el7ea |
| redhat/eap7-netty | <0:4.1.45-1.Final_redhat_00001.1.el8ea | 0:4.1.45-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-activemq-artemis | <0:2.9.0-2.redhat_00009.1.el8ea | 0:2.9.0-2.redhat_00009.1.el8ea |
| redhat/eap7-apache-commons-beanutils | <0:1.9.4-1.redhat_00002.1.el8ea | 0:1.9.4-1.redhat_00002.1.el8ea |
| redhat/eap7-glassfish-el | <0:3.0.1-4.b08_redhat_00003.1.el8ea | 0:3.0.1-4.b08_redhat_00003.1.el8ea |
| redhat/eap7-glassfish-jaxb | <0:2.3.3-4.b02_redhat_00001.1.el8ea | 0:2.3.3-4.b02_redhat_00001.1.el8ea |
| redhat/eap7-glassfish-jsf | <0:2.3.5-7.SP3_redhat_00005.1.el8ea | 0:2.3.5-7.SP3_redhat_00005.1.el8ea |
| redhat/eap7-hal-console | <0:3.0.20-1.Final_redhat_00001.1.el8ea | 0:3.0.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-hibernate | <0:5.3.15-1.Final_redhat_00001.1.el8ea | 0:5.3.15-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-infinispan | <0:9.3.8-1.Final_redhat_00001.1.el8ea | 0:9.3.8-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-ironjacamar | <0:1.4.20-1.Final_redhat_00001.1.el8ea | 0:1.4.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jackson-databind | <0:2.9.10.2-1.redhat_00001.1.el8ea | 0:2.9.10.2-1.redhat_00001.1.el8ea |
| redhat/eap7-jaegertracing-jaeger-client-java | <0:0.34.1-1.redhat_00002.1.el8ea | 0:0.34.1-1.redhat_00002.1.el8ea |
| redhat/eap7-jboss-ejb-client | <0:4.0.28-1.Final_redhat_00001.1.el8ea | 0:4.0.28-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-remoting | <0:5.0.17-1.Final_redhat_00001.1.el8ea | 0:5.0.17-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-jboss-server-migration | <0:1.3.1-8.Final_redhat_00009.1.el8ea | 0:1.3.1-8.Final_redhat_00009.1.el8ea |
| redhat/eap7-picketlink-bindings | <0:2.5.5-23.SP12_redhat_00012.1.el8ea | 0:2.5.5-23.SP12_redhat_00012.1.el8ea |
| redhat/eap7-stax2-api | <0:4.2.0-1.redhat_00001.1.el8ea | 0:4.2.0-1.redhat_00001.1.el8ea |
| redhat/eap7-sun-istack-commons | <0:3.0.10-1.redhat_00001.1.el8ea | 0:3.0.10-1.redhat_00001.1.el8ea |
| redhat/eap7-thrift | <0:0.13.0-1.redhat_00002.1.el8ea | 0:0.13.0-1.redhat_00002.1.el8ea |
| redhat/eap7-wildfly | <0:7.2.7-4.GA_redhat_00004.1.el8ea | 0:7.2.7-4.GA_redhat_00004.1.el8ea |
| redhat/eap7-wildfly-http-client | <0:1.0.20-1.Final_redhat_00001.1.el8ea | 0:1.0.20-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-openssl | <0:1.0.9-2.SP03_redhat_00001.1.el8ea | 0:1.0.9-2.SP03_redhat_00001.1.el8ea |
| redhat/eap7-wildfly-transaction-client | <0:1.1.9-1.Final_redhat_00001.1.el8ea | 0:1.1.9-1.Final_redhat_00001.1.el8ea |
| redhat/eap7-woodstox-core | <0:6.0.3-1.redhat_00001.1.el8ea | 0:6.0.3-1.redhat_00001.1.el8ea |
| redhat/eap7-xml-security | <0:2.1.4-1.redhat_00001.1.el8ea | 0:2.1.4-1.redhat_00001.1.el8ea |
| redhat/ansible-collection-redhat-satellite | <0:1.3.0-1.el7 | 0:1.3.0-1.el7 |
| redhat/ansiblerole-insights-client | <0:1.7.1-1.el7 | 0:1.7.1-1.el7 |
| redhat/ansiblerole-satellite-receptor-installer | <0:0.6.13-1.el7 | 0:0.6.13-1.el7 |
| redhat/ansible-runner | <0:1.4.6-1.el7a | 0:1.4.6-1.el7a |
| redhat/candlepin | <0:3.1.21-1.el7 | 0:3.1.21-1.el7 |
| redhat/foreman | <0:2.1.2.19-1.el7 | 0:2.1.2.19-1.el7 |
| redhat/foreman-bootloaders-redhat | <0:202005201200-1.el7 | 0:202005201200-1.el7 |
| redhat/foreman-discovery-image-service | <0:1.0.0-3.el7 | 0:1.0.0-3.el7 |
| redhat/foreman-installer | <1:2.1.2.8-1.el7 | 1:2.1.2.8-1.el7 |
| redhat/foreman-proxy | <0:2.1.2-2.el7 | 0:2.1.2-2.el7 |
| redhat/foreman-selinux | <0:2.1.2.3-1.el7 | 0:2.1.2.3-1.el7 |
| redhat/future | <0:0.16.0-11.el7 | 0:0.16.0-11.el7 |
| redhat/gofer | <0:2.12.5-7.el7 | 0:2.12.5-7.el7 |
| redhat/hfsplus-tools | <0:332.14-12.el7 | 0:332.14-12.el7 |
| redhat/katello | <0:3.16.0-1.el7 | 0:3.16.0-1.el7 |
| redhat/katello-certs-tools | <0:2.7.1-1.el7 | 0:2.7.1-1.el7 |
| redhat/katello-client-bootstrap | <0:1.7.5-1.el7 | 0:1.7.5-1.el7 |
| redhat/katello-selinux | <0:3.4.0-1.el7 | 0:3.4.0-1.el7 |
| redhat/keycloak-httpd-client-install | <0:1.2.2-1.el7 | 0:1.2.2-1.el7 |
| redhat/kobo | <0:0.5.1-1.el7 | 0:0.5.1-1.el7 |
| redhat/libmodulemd | <0:1.7.0-1.pulp.el7 | 0:1.7.0-1.pulp.el7 |
| redhat/libsolv | <0:0.7.4-4.pulp.el7 | 0:0.7.4-4.pulp.el7 |
| redhat/libwebsockets | <0:2.4.2-2.el7 | 0:2.4.2-2.el7 |
| redhat/livecd-tools | <1:20.4-1.6.el7 | 1:20.4-1.6.el7 |
| redhat/ostree | <0:2017.1-2.atomic.el7 | 0:2017.1-2.atomic.el7 |
| redhat/pcp-mmvstatsd | <0:0.4-2.el7 | 0:0.4-2.el7 |
| redhat/pulp | <0:2.21.3-1.el7 | 0:2.21.3-1.el7 |
| redhat/pulp-docker | <0:3.2.7-1.el7 | 0:3.2.7-1.el7 |
| redhat/pulp-katello | <0:1.0.3-1.el7 | 0:1.0.3-1.el7 |
| redhat/pulp-ostree | <0:1.3.1-2.el7 | 0:1.3.1-2.el7 |
| redhat/pulp-puppet | <0:2.21.3-2.el7 | 0:2.21.3-2.el7 |
| redhat/pulp-rpm | <0:2.21.3-2.el7 | 0:2.21.3-2.el7 |
| redhat/puppet-agent | <0:6.14.0-2.el7 | 0:6.14.0-2.el7 |
| redhat/puppet-agent-oauth | <0:0.5.1-3.el7 | 0:0.5.1-3.el7 |
| redhat/puppetlabs-stdlib | <0:4.25.1-2.el7 | 0:4.25.1-2.el7 |
| redhat/puppetserver | <0:6.13.0-1.el7 | 0:6.13.0-1.el7 |
| redhat/pycairo | <0:1.16.3-9.el7 | 0:1.16.3-9.el7 |
| redhat/pygobject3 | <0:3.28.3-2.el7 | 0:3.28.3-2.el7 |
| redhat/python-aiohttp | <0:3.6.2-4.el7a | 0:3.6.2-4.el7a |
| redhat/python-amqp | <0:2.2.2-5.el7 | 0:2.2.2-5.el7 |
| redhat/python-anyjson | <0:0.3.3-11.el7 | 0:0.3.3-11.el7 |
| redhat/python-apypie | <0:0.2.2-1.el7 | 0:0.2.2-1.el7 |
| redhat/python-async-timeout | <0:3.0.1-2.el7a | 0:3.0.1-2.el7a |
| redhat/python-attrs | <0:19.3.0-3.el7a | 0:19.3.0-3.el7a |
| redhat/python-billiard | <1:3.5.0.3-3.el7 | 1:3.5.0.3-3.el7 |
| redhat/python-blinker | <0:1.3-2.el7 | 0:1.3-2.el7 |
| redhat/python-celery | <0:4.0.2-9.el7 | 0:4.0.2-9.el7 |
| redhat/python-chardet | <0:3.0.4-10.el7a | 0:3.0.4-10.el7a |
| redhat/python-click | <0:6.7-9.el7 | 0:6.7-9.el7 |
| redhat/python-crane | <0:3.3.1-9.el7 | 0:3.3.1-9.el7 |
| redhat/python-daemon | <0:2.1.2-7.el7a | 0:2.1.2-7.el7a |
| redhat/python-dateutil | <0:2.8.1-2.el7a | 0:2.8.1-2.el7a |
| redhat/python-django | <0:1.11.29-1.el7 | 0:1.11.29-1.el7 |
| redhat/python-flask | <1:0.12.2-4.el7 | 1:0.12.2-4.el7 |
| redhat/python-gnupg | <0:0.3.7-1.el7 | 0:0.3.7-1.el7 |
| redhat/python-idna | <0:2.4-2.el7a | 0:2.4-2.el7a |
| redhat/python-idna-ssl | <0:1.1.0-2.el7a | 0:1.1.0-2.el7a |
| redhat/python-isodate | <0:0.5.4-12.el7 | 0:0.5.4-12.el7 |
| redhat/python-itsdangerous | <0:0.24-15.el7 | 0:0.24-15.el7 |
| redhat/python-jinja2 | <0:2.10-10.el7 | 0:2.10-10.el7 |
| redhat/python-jmespath | <0:0.9.0-6.el7_7 | 0:0.9.0-6.el7_7 |
| redhat/python-kid | <0:0.9.6-11.el7 | 0:0.9.6-11.el7 |
| redhat/python-kombu | <10:4.0.2-13.el7 | 10:4.0.2-13.el7 |
| redhat/python-lockfile | <1:0.11.0-10.el7a | 1:0.11.0-10.el7a |
| redhat/python-markupsafe | <0:0.23-21.el7 | 0:0.23-21.el7 |
| redhat/python-mongoengine | <0:0.10.5-2.el7 | 0:0.10.5-2.el7 |
| redhat/python-multidict | <0:4.7.4-2.el7a | 0:4.7.4-2.el7a |
| redhat/python-nectar | <0:1.6.2-1.el7 | 0:1.6.2-1.el7 |
| redhat/python-oauth2 | <0:1.5.211-8.el7 | 0:1.5.211-8.el7 |
| redhat/python-okaara | <0:1.0.37-2.el7 | 0:1.0.37-2.el7 |
| redhat/python-pexpect | <0:4.6-1.el7a | 0:4.6-1.el7a |
| redhat/python-prometheus-client | <0:0.7.1-2.el7a | 0:0.7.1-2.el7a |
| redhat/python-psutil | <0:5.0.1-3.el7 | 0:5.0.1-3.el7 |
| redhat/python-ptyprocess | <0:0.5.2-3.el7a | 0:0.5.2-3.el7a |
| redhat/python-pycurl | <0:7.43.0.2-4.el7 | 0:7.43.0.2-4.el7 |
| redhat/python-pymongo | <0:3.2-2.el7 | 0:3.2-2.el7 |
| redhat/python-qpid | <0:1.35.0-5.el7 | 0:1.35.0-5.el7 |
| redhat/python-receptor-satellite | <0:1.2.0-1.el7 | 0:1.2.0-1.el7 |
| redhat/python-simplejson | <0:3.2.0-1.el7 | 0:3.2.0-1.el7 |
| redhat/python-six | <0:1.11.0-8.el7a | 0:1.11.0-8.el7a |
| redhat/python-twisted | <0:16.4.1-12.el7 | 0:16.4.1-12.el7 |
| redhat/python-typing-extensions | <0:3.7.4.1-2.el7a | 0:3.7.4.1-2.el7a |
| redhat/python-vine | <10:1.1.3-6.el7 | 10:1.1.3-6.el7 |
| redhat/python-werkzeug | <0:0.12.2-5.el7 | 0:0.12.2-5.el7 |
| redhat/python-yarl | <0:1.4.2-2.el7a | 0:1.4.2-2.el7a |
| redhat/python-zope-interface | <0:4.0.5-4.el7 | 0:4.0.5-4.el7 |
| redhat/qpid-cpp | <0:1.36.0-28.el7a | 0:1.36.0-28.el7a |
| redhat/qpid-dispatch | <0:1.5.0-4.el7 | 0:1.5.0-4.el7 |
| redhat/qpid-proton | <0:0.28.0-3.el7 | 0:0.28.0-3.el7 |
| redhat/receptor | <0:0.6.3-1.el7a | 0:0.6.3-1.el7a |
| redhat/redhat-access-insights-puppet | <0:1.0.1-1.el7 | 0:1.0.1-1.el7 |
| redhat/repoview | <0:0.6.6-11.el7 | 0:0.6.6-11.el7 |
| redhat/rhel8-kickstart-setup | <0:0.0.2-1.el7 | 0:0.0.2-1.el7 |
| redhat/rh-postgresql12-postgresql-evr | <0:0.0.2-1.el7 | 0:0.0.2-1.el7 |
| redhat/rubygem-facter | <0:2.4.1-2.el7 | 0:2.4.1-2.el7 |
| redhat/rubygem-highline | <0:1.7.8-3.el7 | 0:1.7.8-3.el7 |
| redhat/rubygem-newt | <0:0.9.6-3.el7 | 0:0.9.6-3.el7 |
| redhat/rubygem-oauth | <0:0.5.4-2.el7 | 0:0.5.4-2.el7 |
| redhat/rubygem-passenger | <0:4.0.18-24.el7 | 0:4.0.18-24.el7 |
| redhat/rubygem-rack | <1:1.6.12-1.el7 | 1:1.6.12-1.el7 |
| redhat/rubygem-rake | <0:0.9.2.2-41.el7 | 0:0.9.2.2-41.el7 |
| redhat/saslwrapper | <0:0.22-5.el7 | 0:0.22-5.el7 |
| redhat/satellite | <0:6.8.0-1.el7 | 0:6.8.0-1.el7 |
| redhat/satellite-installer | <0:6.8.0.11-1.el7 | 0:6.8.0.11-1.el7 |
| redhat/tfm | <0:6.1-1.el7 | 0:6.1-1.el7 |
| redhat/tfm-rubygem-actioncable | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-actionmailbox | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-actionmailer | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-actionpack | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-actiontext | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-actionview | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-activejob | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-activemodel | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-activerecord | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-activerecord-import | <0:1.0.0-6.el7 | 0:1.0.0-6.el7 |
| redhat/tfm-rubygem-activestorage | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-activesupport | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-addressable | <0:2.6.0-1.el7 | 0:2.6.0-1.el7 |
| redhat/tfm-rubygem-algebrick | <0:0.7.3-6.el7 | 0:0.7.3-6.el7 |
| redhat/tfm-rubygem-ancestry | <0:3.0.7-1.el7 | 0:3.0.7-1.el7 |
| redhat/tfm-rubygem-anemone | <0:0.7.2-22.el7 | 0:0.7.2-22.el7 |
| redhat/tfm-rubygem-angular-rails-templates | <1:1.1.0-1.el7 | 1:1.1.0-1.el7 |
| redhat/tfm-rubygem-ansi | <0:1.5.0-2.el7 | 0:1.5.0-2.el7 |
| redhat/tfm-rubygem-apipie-bindings | <0:0.3.0-1.el7 | 0:0.3.0-1.el7 |
| redhat/tfm-rubygem-apipie-dsl | <0:2.2.2-2.el7 | 0:2.2.2-2.el7 |
| redhat/tfm-rubygem-apipie-params | <0:0.0.5-5.el7 | 0:0.0.5-5.el7 |
| redhat/tfm-rubygem-apipie-rails | <0:0.5.17-3.el7 | 0:0.5.17-3.el7 |
| redhat/tfm-rubygem-audited | <0:4.9.0-3.el7 | 0:4.9.0-3.el7 |
| redhat/tfm-rubygem-bcrypt | <0:3.1.12-1.el7 | 0:3.1.12-1.el7 |
| redhat/tfm-rubygem-builder | <0:3.2.4-1.el7 | 0:3.2.4-1.el7 |
| redhat/tfm-rubygem-clamp | <0:1.1.2-5.el7 | 0:1.1.2-5.el7 |
| redhat/tfm-rubygem-coffee-rails | <0:5.0.0-1.el7 | 0:5.0.0-1.el7 |
| redhat/tfm-rubygem-coffee-script | <0:2.4.1-4.el7 | 0:2.4.1-4.el7 |
| redhat/tfm-rubygem-coffee-script-source | <0:1.12.2-4.el7 | 0:1.12.2-4.el7 |
| redhat/tfm-rubygem-concurrent-ruby | <1:1.1.6-2.el7 | 1:1.1.6-2.el7 |
| redhat/tfm-rubygem-concurrent-ruby-edge | <1:0.6.0-2.el7 | 1:0.6.0-2.el7 |
| redhat/tfm-rubygem-crass | <0:1.0.6-1.el7 | 0:1.0.6-1.el7 |
| redhat/tfm-rubygem-daemons | <0:1.2.3-7.el7 | 0:1.2.3-7.el7 |
| redhat/tfm-rubygem-deacon | <0:1.0.0-4.el7 | 0:1.0.0-4.el7 |
| redhat/tfm-rubygem-declarative | <0:0.0.10-1.el7 | 0:0.0.10-1.el7 |
| redhat/tfm-rubygem-declarative-option | <0:0.1.0-1.el7 | 0:0.1.0-1.el7 |
| redhat/tfm-rubygem-deface | <0:1.5.3-2.el7 | 0:1.5.3-2.el7 |
| redhat/tfm-rubygem-diffy | <0:3.0.1-6.el7 | 0:3.0.1-6.el7 |
| redhat/tfm-rubygem-dynflow | <0:1.4.7-1.fm2_1.el7 | 0:1.4.7-1.fm2_1.el7 |
| redhat/tfm-rubygem-erubi | <0:1.9.0-1.el7 | 0:1.9.0-1.el7 |
| redhat/tfm-rubygem-excon | <0:0.58.0-3.el7 | 0:0.58.0-3.el7 |
| redhat/tfm-rubygem-execjs | <0:2.7.0-4.el7 | 0:2.7.0-4.el7 |
| redhat/tfm-rubygem-facter | <0:2.4.0-6.el7 | 0:2.4.0-6.el7 |
| redhat/tfm-rubygem-faraday | <0:0.15.4-1.el7 | 0:0.15.4-1.el7 |
| redhat/tfm-rubygem-ffi | <0:1.12.2-1.el7 | 0:1.12.2-1.el7 |
| redhat/tfm-rubygem-fog-aws | <0:3.6.5-1.el7 | 0:3.6.5-1.el7 |
| redhat/tfm-rubygem-fog-core | <0:2.1.0-3.el7 | 0:2.1.0-3.el7 |
| redhat/tfm-rubygem-fog-google | <0:1.8.2-1.el7 | 0:1.8.2-1.el7 |
| redhat/tfm-rubygem-fog-json | <0:1.2.0-3.el7 | 0:1.2.0-3.el7 |
| redhat/tfm-rubygem-fog-kubevirt | <0:1.3.3-1.el7 | 0:1.3.3-1.el7 |
| redhat/tfm-rubygem-fog-libvirt | <0:0.7.0-1.el7 | 0:0.7.0-1.el7 |
| redhat/tfm-rubygem-fog-openstack | <0:1.0.8-2.el7 | 0:1.0.8-2.el7 |
| redhat/tfm-rubygem-fog-ovirt | <0:1.2.5-1.el7 | 0:1.2.5-1.el7 |
| redhat/tfm-rubygem-fog-vsphere | <0:3.3.1-1.el7 | 0:3.3.1-1.el7 |
| redhat/tfm-rubygem-fog-xml | <0:0.1.2-8.el7 | 0:0.1.2-8.el7 |
| redhat/tfm-rubygem-foreman-tasks | <0:2.0.2-1.fm2_1.el7 | 0:2.0.2-1.fm2_1.el7 |
| redhat/tfm-rubygem-foreman-tasks-core | <0:0.3.4-1.el7 | 0:0.3.4-1.el7 |
| redhat/tfm-rubygem-formatador | <0:0.2.1-11.el7 | 0:0.2.1-11.el7 |
| redhat/tfm-rubygem-fx | <0:0.5.0-1.el7 | 0:0.5.0-1.el7 |
| redhat/tfm-rubygem-gettext | <0:3.1.4-10.el7 | 0:3.1.4-10.el7 |
| redhat/tfm-rubygem-git | <0:1.5.0-1.el7 | 0:1.5.0-1.el7 |
| redhat/tfm-rubygem-gitlab-sidekiq-fetcher | <0:0.5.2-2.el7 | 0:0.5.2-2.el7 |
| redhat/tfm-rubygem-globalid | <0:0.4.2-1.el7 | 0:0.4.2-1.el7 |
| redhat/tfm-rubygem-google-api-client | <0:0.23.9-3.el7 | 0:0.23.9-3.el7 |
| redhat/tfm-rubygem-googleauth | <0:0.6.7-3.el7 | 0:0.6.7-3.el7 |
| redhat/tfm-rubygem-graphql | <0:1.8.14-1.el7 | 0:1.8.14-1.el7 |
| redhat/tfm-rubygem-graphql-batch | <0:0.3.10-1.el7 | 0:0.3.10-1.el7 |
| redhat/tfm-rubygem-gssapi | <0:1.2.0-6.el7 | 0:1.2.0-6.el7 |
| redhat/tfm-rubygem-hashie | <0:3.6.0-1.el7 | 0:3.6.0-1.el7 |
| redhat/tfm-rubygem-highline | <0:1.7.8-4.el7 | 0:1.7.8-4.el7 |
| redhat/tfm-rubygem-http | <0:3.3.0-1.el7 | 0:3.3.0-1.el7 |
| redhat/tfm-rubygem-httpclient | <0:2.8.3-1.el7 | 0:2.8.3-1.el7 |
| redhat/tfm-rubygem-http-cookie | <0:1.0.2-5.el7 | 0:1.0.2-5.el7 |
| redhat/tfm-rubygem-i18n | <0:1.8.2-1.el7 | 0:1.8.2-1.el7 |
| redhat/tfm-rubygem-infoblox | <0:3.0.0-3.el7 | 0:3.0.0-3.el7 |
| redhat/tfm-rubygem-ipaddress | <0:0.8.0-11.el7 | 0:0.8.0-11.el7 |
| redhat/tfm-rubygem-jgrep | <0:1.3.3-12.el7 | 0:1.3.3-12.el7 |
| redhat/tfm-rubygem-journald-logger | <0:2.0.4-2.el7 | 0:2.0.4-2.el7 |
| redhat/tfm-rubygem-journald-native | <0:1.0.11-2.el7 | 0:1.0.11-2.el7 |
| redhat/tfm-rubygem-jwt | <0:2.2.1-1.el7 | 0:2.2.1-1.el7 |
| redhat/tfm-rubygem-kafo | <0:4.1.0-3.el7 | 0:4.1.0-3.el7 |
| redhat/tfm-rubygem-katello | <0:3.16.0.11-1.el7 | 0:3.16.0.11-1.el7 |
| redhat/tfm-rubygem-kubeclient | <0:4.3.0-1.el7 | 0:4.3.0-1.el7 |
| redhat/tfm-rubygem-little-plugger | <0:1.1.4-1.el7 | 0:1.1.4-1.el7 |
| redhat/tfm-rubygem-locale | <0:2.0.9-13.el7 | 0:2.0.9-13.el7 |
| redhat/tfm-rubygem-logging | <0:2.2.2-6.el7 | 0:2.2.2-6.el7 |
| redhat/tfm-rubygem-logging-journald | <0:2.0.0-2.el7 | 0:2.0.0-2.el7 |
| redhat/tfm-rubygem-loofah | <0:2.4.0-1.el7 | 0:2.4.0-1.el7 |
| redhat/tfm-rubygem-mail | <0:2.7.1-1.el7 | 0:2.7.1-1.el7 |
| redhat/tfm-rubygem-marcel | <0:0.3.3-1.el7 | 0:0.3.3-1.el7 |
| redhat/tfm-rubygem-memoist | <0:0.16.0-1.el7 | 0:0.16.0-1.el7 |
| redhat/tfm-rubygem-mimemagic | <0:0.3.5-1.el7 | 0:0.3.5-1.el7 |
| redhat/tfm-rubygem-mime-types | <0:3.2.2-4.el7 | 0:3.2.2-4.el7 |
| redhat/tfm-rubygem-mime-types-data | <0:3.2018.0812-4.el7 | 0:3.2018.0812-4.el7 |
| redhat/tfm-rubygem-multipart-post | <0:2.0.0-1.el7 | 0:2.0.0-1.el7 |
| redhat/tfm-rubygem-mustermann | <0:1.0.2-4.el7 | 0:1.0.2-4.el7 |
| redhat/tfm-rubygem-net-ldap | <0:0.16.1-1.el7 | 0:0.16.1-1.el7 |
| redhat/tfm-rubygem-net-ping | <0:2.0.1-3.el7 | 0:2.0.1-3.el7 |
| redhat/tfm-rubygem-netrc | <0:0.11.0-3.el7 | 0:0.11.0-3.el7 |
| redhat/tfm-rubygem-net-scp | <0:1.2.1-3.el7 | 0:1.2.1-3.el7 |
| redhat/tfm-rubygem-net-ssh | <0:4.2.0-1.el7 | 0:4.2.0-1.el7 |
| redhat/tfm-rubygem-net-ssh-krb | <0:0.4.0-3.el7 | 0:0.4.0-3.el7 |
| redhat/tfm-rubygem-nio4r | <0:2.5.2-2.el7 | 0:2.5.2-2.el7 |
| redhat/tfm-rubygem-nokogiri | <0:1.10.9-1.el7 | 0:1.10.9-1.el7 |
| redhat/tfm-rubygem-oauth | <0:0.5.4-3.el7 | 0:0.5.4-3.el7 |
| redhat/tfm-rubygem-openscap | <0:0.4.9-3.el7 | 0:0.4.9-3.el7 |
| redhat/tfm-rubygem-optimist | <0:3.0.0-1.el7 | 0:3.0.0-1.el7 |
| redhat/tfm-rubygem-os | <0:1.0.0-1.el7 | 0:1.0.0-1.el7 |
| redhat/tfm-rubygem-ovirt-engine-sdk | <0:4.2.3-3.el7 | 0:4.2.3-3.el7 |
| redhat/tfm-rubygem-parse-cron | <0:0.1.4-4.el7 | 0:0.1.4-4.el7 |
| redhat/tfm-rubygem-passenger | <0:4.0.18-26.el7 | 0:4.0.18-26.el7 |
| redhat/tfm-rubygem-pg | <0:1.1.4-2.el7 | 0:1.1.4-2.el7 |
| redhat/tfm-rubygem-polyglot | <0:0.3.5-3.el7 | 0:0.3.5-3.el7 |
| redhat/tfm-rubygem-powerbar | <0:2.0.1-2.el7 | 0:2.0.1-2.el7 |
| redhat/tfm-rubygem-prometheus-client | <0:1.0.0-1.el7 | 0:1.0.0-1.el7 |
| redhat/tfm-rubygem-promise.rb | <0:0.7.4-1.el7 | 0:0.7.4-1.el7 |
| redhat/tfm-rubygem-puma | <0:4.3.3-4.el7 | 0:4.3.3-4.el7 |
| redhat/tfm-rubygem-puma-plugin-systemd | <0:0.1.5-1.el7 | 0:0.1.5-1.el7 |
| redhat/tfm-rubygem-quantile | <0:0.2.0-3.el7 | 0:0.2.0-3.el7 |
| redhat/tfm-rubygem-rabl | <0:0.14.3-1.el7 | 0:0.14.3-1.el7 |
| redhat/tfm-rubygem-rack | <0:2.2.3-1.el7 | 0:2.2.3-1.el7 |
| redhat/tfm-rubygem-rack-cors | <0:1.0.2-1.el7 | 0:1.0.2-1.el7 |
| redhat/tfm-rubygem-rack-jsonp | <0:1.3.1-9.el7 | 0:1.3.1-9.el7 |
| redhat/tfm-rubygem-rack-protection | <0:2.0.3-4.el7 | 0:2.0.3-4.el7 |
| redhat/tfm-rubygem-rack-test | <0:1.1.0-4.el7 | 0:1.1.0-4.el7 |
| redhat/tfm-rubygem-rails | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-rails-dom-testing | <0:2.0.3-6.el7 | 0:2.0.3-6.el7 |
| redhat/tfm-rubygem-rails-html-sanitizer | <0:1.3.0-1.el7 | 0:1.3.0-1.el7 |
| redhat/tfm-rubygem-rails-i18n | <0:6.0.0-2.el7 | 0:6.0.0-2.el7 |
| redhat/tfm-rubygem-railties | <0:6.0.3.1-1.el7 | 0:6.0.3.1-1.el7 |
| redhat/tfm-rubygem-rainbow | <0:2.2.1-5.el7 | 0:2.2.1-5.el7 |
| redhat/tfm-rubygem-rb-inotify | <0:0.9.7-5.el7 | 0:0.9.7-5.el7 |
| redhat/tfm-rubygem-rbovirt | <0:0.1.7-4.el7 | 0:0.1.7-4.el7 |
| redhat/tfm-rubygem-rbvmomi | <0:2.2.0-3.el7 | 0:2.2.0-3.el7 |
| redhat/tfm-rubygem-recursive-open-struct | <0:1.1.0-1.el7 | 0:1.1.0-1.el7 |
| redhat/tfm-rubygem-redis | <0:4.1.2-2.el7 | 0:4.1.2-2.el7 |
| redhat/tfm-rubygem-representable | <0:3.0.4-1.el7 | 0:3.0.4-1.el7 |
| redhat/tfm-rubygem-responders | <0:3.0.0-3.el7 | 0:3.0.0-3.el7 |
| redhat/tfm-rubygem-rest-client | <0:2.0.2-3.el7 | 0:2.0.2-3.el7 |
| redhat/tfm-rubygem-retriable | <0:3.1.2-1.el7 | 0:3.1.2-1.el7 |
| redhat/tfm-rubygem-rkerberos | <0:0.1.5-18.el7 | 0:0.1.5-18.el7 |
| redhat/tfm-rubygem-roadie | <0:3.4.0-3.el7 | 0:3.4.0-3.el7 |
| redhat/tfm-rubygem-roadie-rails | <0:2.1.1-2.el7 | 0:2.1.1-2.el7 |
| redhat/tfm-rubygem-robotex | <0:1.0.0-21.el7 | 0:1.0.0-21.el7 |
| redhat/tfm-rubygem-rsec | <0:0.4.3-4.el7 | 0:0.4.3-4.el7 |
| redhat/tfm-rubygem-ruby2ruby | <0:2.4.2-3.el7 | 0:2.4.2-3.el7 |
| redhat/tfm-rubygem-rubyipmi | <0:0.10.0-6.el7 | 0:0.10.0-6.el7 |
| redhat/tfm-rubygem-ruby-libvirt | <0:0.7.0-4.el7 | 0:0.7.0-4.el7 |
| redhat/tfm-rubygem-runcible | <0:2.13.0-2.el7 | 0:2.13.0-2.el7 |
| redhat/tfm-rubygem-safemode | <0:1.3.5-2.el7 | 0:1.3.5-2.el7 |
| redhat/tfm-rubygem-sequel | <0:5.7.1-2.el7 | 0:5.7.1-2.el7 |
| redhat/tfm-rubygem-sidekiq | <0:5.2.7-3.el7 | 0:5.2.7-3.el7 |
| redhat/tfm-rubygem-signet | <0:0.11.0-3.el7 | 0:0.11.0-3.el7 |
| redhat/tfm-rubygem-sinatra | <0:2.0.3-4.el7 | 0:2.0.3-4.el7 |
| redhat/tfm-rubygem-sprockets | <0:3.7.2-6.el7 | 0:3.7.2-6.el7 |
| redhat/tfm-rubygem-sprockets-rails | <0:3.2.1-6.el7 | 0:3.2.1-6.el7 |
| redhat/tfm-rubygem-sqlite3 | <0:1.3.13-5.el7 | 0:1.3.13-5.el7 |
| redhat/tfm-rubygem-sshkey | <0:1.9.0-3.el7 | 0:1.9.0-3.el7 |
| redhat/tfm-rubygem-statsd-instrument | <0:2.1.4-2.el7 | 0:2.1.4-2.el7 |
| redhat/tfm-rubygem-stomp | <0:1.4.9-1.el7 | 0:1.4.9-1.el7 |
| redhat/tfm-rubygem-text | <0:1.3.0-7.el7 | 0:1.3.0-7.el7 |
| redhat/tfm-rubygem-thor | <0:1.0.1-2.el7 | 0:1.0.1-2.el7 |
| redhat/tfm-rubygem-tilt | <0:2.0.8-4.el7 | 0:2.0.8-4.el7 |
| redhat/tfm-rubygem-timeliness | <0:0.3.10-1.el7 | 0:0.3.10-1.el7 |
| redhat/tfm-rubygem-tzinfo | <0:1.2.6-1.el7 | 0:1.2.6-1.el7 |
| redhat/tfm-rubygem-uber | <0:0.1.0-1.el7 | 0:0.1.0-1.el7 |
| redhat/tfm-rubygem-unf | <0:0.1.3-7.el7 | 0:0.1.3-7.el7 |
| redhat/tfm-rubygem-unicode | <0:0.4.4.4-1.el7 | 0:0.4.4.4-1.el7 |
| redhat/tfm-rubygem-webpack-rails | <0:0.9.8-6.el7 | 0:0.9.8-6.el7 |
| redhat/tfm-rubygem-websocket-driver | <0:0.7.1-1.el7 | 0:0.7.1-1.el7 |
| redhat/tfm-rubygem-websocket-extensions | <0:0.1.5-1.el7 | 0:0.1.5-1.el7 |
| redhat/tfm-rubygem-x-editable-rails | <0:1.5.5-5.el7 | 0:1.5.5-5.el7 |
| redhat/tfm-rubygem-xmlrpc | <0:0.3.0-2.el7 | 0:0.3.0-2.el7 |
| redhat/tfm-rubygem-zeitwerk | <0:2.2.2-1.el7 | 0:2.2.2-1.el7 |
| debian/netty | 1:4.1.48-4+deb11u2 1:4.1.48-7+deb12u1 1:4.1.48-10 | |
| redhat/netty | <4.1.44. | 4.1.44. |
| Netty Netty | =4.1.43 | |
| Fedora | =33 | |
| Debian | =8.0 | |
| Debian | =9.0 | |
| Debian | =10.0 | |
| redhat jboss enterprise application platform | =7.2 | |
| redhat jboss enterprise application platform | =7.3 | |
| redhat jboss enterprise application platform | =7.4 | |
| redhat jboss enterprise application platform text-only advisories | ||
| redhat openshift application runtimes text-only advisories |
Remedy
* Use HTTP/2 instead (clear boundaries between requests) * Disable reuse of backend connections eg. ```http-reuse never``` in HAProxy or whatever equivalent LB settings
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2020-7238 https://nvd.nist.gov/vuln/detail/CVE-2020-7238 https://netty.io/news/2019/12/18/4-1-44-Final.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1796225
- https://access.redhat.com/errata/RHSA-2020:0601
- https://access.redhat.com/errata/RHSA-2020:0922
- https://access.redhat.com/errata/RHSA-2020:1445
- https://access.redhat.com/errata/RHSA-2020:0497
- https://access.redhat.com/errata/RHSA-2020:0939
- https://access.redhat.com/errata/RHSA-2020:3196
- https://access.redhat.com/errata/RHSA-2020:2321
- https://access.redhat.com/errata/RHSA-2020:0606
- https://access.redhat.com/errata/RHSA-2020:0811
- https://access.redhat.com/errata/RHSA-2020:0605
- https://access.redhat.com/errata/RHSA-2020:0804
- https://access.redhat.com/errata/RHSA-2020:0805
- https://access.redhat.com/errata/RHSA-2020:0806
- https://access.redhat.com/errata/RHSA-2020:2333
- https://access.redhat.com/errata/RHSA-2020:3192
- https://access.redhat.com/errata/RHSA-2020:3197
- https://access.redhat.com/errata/RHSA-2020:4366
- https://access.redhat.com/errata/RHSA-2020:0951
- https://access.redhat.com/errata/RHSA-2020:0567
- https://access.redhat.com/errata/RHSA-2020:2067
- https://access.redhat.com/security/cve/cve-2020-7238
- https://github.com/jdordonezn/CVE-2020-72381/issues/1
- https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7@%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05@%3Ccommits.cassandra.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2020/02/msg00017.html
- https://lists.debian.org/debian-lts-announce/2020/02/msg00018.html
- https://lists.debian.org/debian-lts-announce/2020/09/msg00003.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://netty.io/news/
- https://www.debian.org/security/2021/dsa-4885
- https://launchpad.net/bugs/cve/CVE-2020-7238
- https://lists.apache.org/thread.html/r131e572d003914843552fa45c4398b9903fb74144986e8b107c0a3a7%40%3Ccommits.cassandra.apache.org%3E
- https://lists.apache.org/thread.html/rc8d554aad889d12b140d9fd7d2d6fc2e8716e9792f6f4e4b2cdc2d05%40%3Ccommits.cassandra.apache.org%3E
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TS6VX7OMXPDJIU5LRGUAHRK6MENAVJ46/
- https://github.com/netty/netty/issues/9861#issuecomment-582307539
- https://security-tracker.debian.org/tracker/CVE-2020-7238
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
- https://nvd.nist.gov/vuln/detail/CVE-2020-7238
- https://ubuntu.com/security/CVE-2020-7238
- https://access.redhat.com/security/cve/CVE-2019-16869
- https://netty.io/news/2019/12/18/4-1-44-Final.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1796276
- https://github.com/elastic/elasticsearch/issues/49396
- https://access.redhat.com/support/policy/updates/jboss_notes
- https://access.redhat.com/errata/RHSA-2024:10208
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the severity of CVE-2020-7238?
CVE-2020-7238 has been rated as a moderate severity vulnerability.
How can I fix CVE-2020-7238?
To fix CVE-2020-7238, update to the recommended versions or patches provided by the affected software vendor, which are listed in the official advisories.
What applications are affected by CVE-2020-7238?
CVE-2020-7238 affects Netty and various applications built on it, particularly those using incorrect Transfer-Encoding headers.
What type of attack does CVE-2020-7238 enable?
CVE-2020-7238 enables HTTP Request Smuggling attacks due to improper handling of Transfer-Encoding whitespace.
Which Netty versions are vulnerable to CVE-2020-7238?
Versions of Netty prior to 4.1.44 are vulnerable to CVE-2020-7238, specifically versions prior to 4.1.43.Final.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/severity
- agent/remedy
- agent/weakness
- collector/security-tracker-debian
- source/Debian
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/usn-cve
- source/Ubuntu
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-7238
- agent/references
- agent/last-modified-date
- agent/trending
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/redhat
- package-manager/debian
- vendor/netty
- canonical/netty netty
- version/netty netty/4.1.43
- vendor/fedoraproject
- canonical/fedora
- version/fedora/33
- vendor/debian
- canonical/debian
- version/debian/8.0
- version/debian/9.0
- version/debian/10.0
- vendor/redhat
- canonical/redhat jboss enterprise application platform
- version/redhat jboss enterprise application platform/7.2
- version/redhat jboss enterprise application platform/7.3
- version/redhat jboss enterprise application platform/7.4
- canonical/redhat jboss enterprise application platform text-only advisories
- canonical/redhat openshift application runtimes text-only advisories