{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-06T07:58:27.517","vulnerabilities":[{"cve":{"id":"CVE-2021-43797","sourceIdentifier":"security-advisories@github.com","published":"2021-12-09T19:15:07.960","lastModified":"2024-11-21T06:29:48.490","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beginning / end of the header name. It should instead fail fast as these are not allowed by the spec and could lead to HTTP request smuggling. Failing to do the validation might cause netty to \"sanitize\" header names before it forward these to another remote system when used as proxy. This remote system can't see the invalid usage anymore, and therefore does not do the validation itself. Users should upgrade to version 4.1.71.Final."},{"lang":"es","value":"Netty es un marco de trabajo de aplicaciones de red asíncronas impulsadas por eventos para el desarrollo rápido de servidores y clientes de protocolo de alto rendimiento mantenibles. Netty antes de la versión 4.1.71.Final omite los caracteres de control cuando están presentes al principio/fin del nombre de la cabecera. En su lugar, debería fallar rápidamente ya que estos no están permitidos por la especificación y podrían llevar a un contrabando de peticiones HTTP. No hacer la validación podría causar que netty \"sanee\" los nombres de las cabeceras antes de reenviarlas a otro sistema remoto cuando se usa como proxy. Este sistema remoto ya no puede ver el uso inválido, y por lo tanto no hace la validación por sí mismo. Los usuarios deben actualizar a la versión 4.1.71.Final"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-444"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-444"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*","versionEndExcluding":"4.1.71","matchCriteriaId":"F63C0F0C-1D4C-4383-820A-9325DE306780"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*","versionEndExcluding":"2.5.3","matchCriteriaId":"9050DC4B-0A83-436F-9AE5-6DC28EC7F69D"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*","matchCriteriaId":"5735E553-9731-4AAC-BCFF-989377F817B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*","matchCriteriaId":"BDFB1169-41A0-4A86-8E4F-FDA9730B1E94"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.7:*:*:*:*:*:*:*","matchCriteriaId":"ED63D221-31FA-480F-802F-844334F429F5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*","matchCriteriaId":"C542DC5E-6657-4178-9C69-46FD3C187D56"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*","matchCriteriaId":"132CE62A-FBFC-4001-81EC-35D81F73AF48"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*","matchCriteriaId":"2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*","matchCriteriaId":"5FA64A1D-34F9-4441-857A-25C165E6DBB6"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*","matchCriteriaId":"10323322-F6C0-4EA7-9344-736F7A80AA5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*","matchCriteriaId":"3AA09838-BF13-46AC-BB97-A69F48B73A8A"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"B4367D9B-BF81-47AD-A840-AC46317C774D"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*","matchCriteriaId":"BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*","matchCriteriaId":"C6EAA723-2A23-4151-930B-86ACF9CC1C0C"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*","matchCriteriaId":"A67AA54B-258D-4D09-9ACB-4085E0B3E585"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"47CE14F1-7E98-4C3B-A817-C54273F23464"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*","matchCriteriaId":"4E7626D2-D9FF-416A-9581-852CED0D8C24"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*","matchCriteriaId":"99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*","matchCriteriaId":"D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9"},{"vulnerable":true,"criteria":"cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*","matchCriteriaId":"C8AF00C6-B97F-414D-A8DF-057E6BFD8597"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","matchCriteriaId":"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"},{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html","source":"security-advisories@github.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220107-0003/","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5316","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://security.netapp.com/advisory/ntap-20220107-0003/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2023/dsa-5316","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]}]}}]}