Miguel Costa

**Name of the Vulnerable Software and Affected Versions** Netty versions prior to 4.1.42.Final **Description** The issue is related to the incorrect handling of whitespace before the colon in HTTP headers, such as a "Transfer-Encoding : chunked" line. This can lead to HTTP request smuggling, allowing a remote attacker to impact data integrity. **Recommendations** For versions prior to 4.1.42.Final, update to version 4.1.42.Final or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable HTTP header handling functionality until a patch is available. Avoid using whitespace before the colon in HTTP headers, such as `Transfer-Encoding : chunked`, in the affected API endpoints until the issue is resolved.