Tag: netty

All the articles with the tag "netty".

[CVE-2025-58056] Netty’s lenient chunk extension parsing opens the door to HTTP request smuggling

5 Sep, 2025

Netty 4.1.124.Final and 4.2.0.Alpha3 through 4.2.4.Final accept an LF on its own as the terminator for chunk extensions. A single byte is enough to desynchronise upstream and backend parsers, letting attackers smuggle hidden requests through proxy chains.

[CVE-2025-58056] Netty’s lenient chunk extension parsing opens the door to HTTP request smuggling