CVE-2024-40642 | netty-incubator-codec-ohttp up to 0.0.12 HTTP Protocol readRequestHead server-side request forgery (GHSA-q8f2-hxq5-cp4h)

Posted by Angelo Barbosa | Jul 19, 2024 | CVE

A vulnerability, which was classified as critical, was found in netty-incubator-codec-ohttp up to 0.0.12. Affected is the function readRequestHead of the component HTTP Protocol Handler. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2024-40642. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-40642 | netty-incubator-codec-ohttp up to 0.0.12 HTTP Protocol readRequestHead server-side request forgery (GHSA-q8f2-hxq5-cp4h)

Related Posts

CVE-2024-49920 | Linux Kernel up to 6.11.2 AMD Display null pointer dereference (26787fb6c2b2/fdd5ecbbff75)

CVE-2024-47211 | OpenStack Ironic up to 21.4.3/23.0.2/24.1.2/26.0.x URL image_source stack-based overflow

CVE-2024-24026 | nove-plus up to 4.3.0-RC1 com.java2nb.system.controller.SysUserController: uploadImg filename unrestricted upload

CVE-2024-29215 | Mattermost up to 8.1.12/9.5.3/9.6.1/9.7.1 Slash Command access control