Sign In

CVE-2021-43797

ADVISORY - github

Summary

Impact

Netty currently just skips control chars when these are present at the beginning / end of the header name. We should better fail fast as these are not allowed by the spec and could lead to HTTP request smuggling.

Failing to do the validation might cause netty to "sanitize" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore and so not do the validation itself.

EPSS Score: 0.00419 (0.613)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADVISORY - github

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-444

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2021-43797
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-444

CVSS SCORE

6.5medium

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-wx5j-54mm-rqqq
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-444

CVSS SCORE

6.5medium

Debian

CREATED

UPDATED

ADVISORY IDCVE-2021-43797
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2021-43797
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

6.5medium

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2021-43797

EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-444CWE-937

CVSS SCORE

6.5medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2021-43797
EXPLOITABILITY SCORE

2.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-444

CVSS SCORE

6.5medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2022:5498
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-2vx5-qv6g-67jq

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-9pj8-4gmp-wp6g

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Chainguard

CREATED

UPDATED

ADVISORY ID

CGA-qxv3-xxff-qffv

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY