CVE-2019-10797: HTTP Response Splitting in WSO2 transport-http

February 9, 2022

Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.

References

github.com/advisories/GHSA-rvpc-w57p-q95f
nvd.nist.gov/vuln/detail/CVE-2019-10797
snyk.io/vuln/SNYK-JAVA-ORGWSO2TRANSPORTHTTP-548944

Code Behaviors & Features

Detect and mitigate CVE-2019-10797 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →