| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| io.netty:netty-codec-http | maven | >= 4.1.83.Final, < 4.1.86.Final | 4.1.86.Final |

The vulnerability stems from missing header value validation in iterator-based setter methods. The advisory specifically calls out DefaultHttpHeaders.set with an iterator, and commit fe18adf shows that validation was added to the DefaultHeaders.setObject methods. The test cases in DefaultHttpHeadersTest.java demonstrate that validation of iterable values was missing prior to 4.1.86.Final. The root cause was the parent DefaultHeaders class's setObject methods that handle iterables and arrays: they processed iterator values without applying the same validation as the single-value setters.
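
The gap described above, reduced to a small self-contained model. This is an added example, not Netty's code or the code from commit fe18adf: the `HeaderStore` class, its methods, the `validateIterables` switch and the stand-in validator (which rejects CR, LF and NUL) are all assumptions made for illustration.

```java
import java.util.*;

// Simplified model of the flaw; NOT Netty's implementation.
// HeaderStore and every name below are hypothetical.
public class HeaderValidationGap {
    // Stand-in validator (assumption): reject CR, LF and NUL in a header value.
    static void validate(String value) {
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\r' || c == '\n' || c == 0) {
                throw new IllegalArgumentException("illegal character at index " + i);
            }
        }
    }

    static class HeaderStore {
        final Map<String, List<String>> entries = new LinkedHashMap<>();
        final boolean validateIterables; // false = pre-fix behaviour, true = patched

        HeaderStore(boolean validateIterables) { this.validateIterables = validateIterables; }

        // Single-value setter: the value is always validated.
        void set(String name, String value) {
            validate(value);
            entries.put(name, new ArrayList<>(List.of(value)));
        }

        // Iterable setter: the code path that skipped validation before the fix.
        void set(String name, Iterable<String> values) {
            List<String> copy = new ArrayList<>();
            for (String v : values) {
                if (validateIterables) validate(v); // the check the patched path applies
                copy.add(v);
            }
            entries.put(name, copy); // only reached if every element passed
        }
    }

    // True if the store accepted the values, false if validation rejected them.
    static boolean accepts(HeaderStore store, Iterable<String> values) {
        try { store.set("X-Test", values); return true; }
        catch (IllegalArgumentException e) { return false; }
    }

    public static void main(String[] args) {
        List<String> constructed = List.of("ok", "bad\r\nvalue"); // constructed sample input
        System.out.println("pre-fix accepts: " + accepts(new HeaderStore(false), constructed));
        System.out.println("patched accepts: " + accepts(new HeaderStore(true), constructed));
    }
}
```

A regression test for the real library follows the same shape: pass a collection containing an invalid value to the iterable setter and assert that it is rejected exactly as the single-value setter rejects it.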