Netty · Netty · CVE-2019-20445
**Name of the Vulnerable Software and Affected Versions**
Netty versions prior to 4.1.44
**Description**
The vulnerability is a flaw in how the `HttpObjectDecoder.java` component of the Netty network programming tool interprets HTTP requests: it allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. Each of these headers tells the receiver where the message body ends, so a request that carries conflicting ones can be read differently by Netty and by other HTTP components that handle the same request. A remote attacker can exploit this flaw to access and compromise confidential data.
**Recommendations**
For versions prior to 4.1.44, update to version 4.1.44 or later to resolve the issue. As a temporary workaround, consider restricting access to the `HttpObjectDecoder.java` component until a patch is applied. Avoid using the `Content-Length` header in conjunction with the `Transfer-Encoding` header in the affected API endpoint until the issue is resolved.
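A check for the two header combinations described above, usable on captured requests or in a test harness in front of a Netty service. This is an added example, not Netty code and not part of the original advisory; the function names, finding labels and sample requests are constructed for illustration.

```python
"""Flag HTTP/1.x request heads with conflicting body-framing headers."""

def header_fields(raw_request: bytes):
    """Return (lowercased name, value) pairs from the head of a raw request."""
    head = raw_request.split(b"\r\n\r\n", 1)[0]   # ignore the body entirely
    fields = []
    for line in head.split(b"\r\n")[1:]:          # [0] is the request line
        name, sep, value = line.partition(b":")
        if sep:
            fields.append((name.strip().lower().decode("latin-1"),
                           value.strip().decode("latin-1")))
    return fields

def framing_conflicts(raw_request: bytes):
    """Return findings for the two combinations named in the advisory."""
    fields = header_fields(raw_request)
    lengths = [v for n, v in fields if n == "content-length"]
    has_te = any(n == "transfer-encoding" for n, _ in fields)
    findings = []
    if len(lengths) > 1:
        findings.append("multiple-content-length")
    if lengths and has_te:
        findings.append("content-length-with-transfer-encoding")
    return findings

# Constructed sample requests (not captured traffic).
SAMPLES = {
    "clean": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 5\r\n\r\nhello",
    "dup_cl": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
              b"Content-Length: 5\r\ncontent-length: 11\r\n\r\nhello",
    "cl_te": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
             b"Content-Length: 5\r\nTransfer-Encoding: chunked\r\n\r\n",
    # Header-like text inside the body must not be counted.
    "body_only": b"POST /api HTTP/1.1\r\nHost: app.example\r\n"
                 b"Content-Length: 39\r\n\r\n"
                 b"Content-Length: 1\r\nTransfer-Encoding: x",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(label, framing_conflicts(request) or "ok")
```

Header names are compared case-insensitively, and only the request head is inspected, so header-like text in a body does not produce a finding.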