CVE-2024-40642 | netty-incubator-codec-ohttp up to 0.0.12 HTTP Protocol readRequestHead server-side request forgery (GHSA-q8f2-hxq5-cp4h)

Posted by Angelo Barbosa | Jul 19, 2024 | CVE

A vulnerability, which was classified as critical, was found in netty-incubator-codec-ohttp up to 0.0.12. Affected is the function readRequestHead of the component HTTP Protocol Handler. The manipulation leads to server-side request forgery.

This vulnerability is traded as CVE-2024-40642. It is possible to launch the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-40642 | netty-incubator-codec-ohttp up to 0.0.12 HTTP Protocol readRequestHead server-side request forgery (GHSA-q8f2-hxq5-cp4h)

Related Posts

CVE-2024-21356 | Microsoft Windows up to Server 2022 23H2 LDAP denial of service

CVE-2024-27270 | IBM WebSphere Application Server Liberty up to 24.0.0.3 URI cross site scripting (XFDB-284576)

CVE-2024-30549 | Cimatti Contact Forms Plugin up to 1.8.0 on WordPress cross site scripting

CVE-2024-6184 | Ruijie RG-UAC 1.0 reboot_commit.php servicename os command injection