Xclow3N

**Name of the Vulnerable Software and Affected Versions** Eclipse Jetty versions 12.1.0 through 12.1.6 Eclipse Jetty versions 12.0.0 through 12.0.32 Eclipse Jetty versions 11.0.0 through 11.0.27 Eclipse Jetty versions 10.0.0 through 10.0.27 Eclipse Jetty versions 9.4.0 through 9.4.59 **Description** The HTTP/1.1 parser incorrectly handles quoted strings within chunked transfer encoding extension values. Specifically, the parser terminates chunk header parsing when it encounters a carriage return and line feed (CRLF) sequence inside a quoted string instead of treating it as a parsing error. This behavior allows an attacker to inject smuggled HTTP requests, which can lead to cache poisoning, access control bypass, and session hijacking. **Recommendations** Update Eclipse Jetty to a version later than 12.1.6. Update Eclipse Jetty to a version later than 12.0.32. Update Eclipse Jetty to a version later than 11.0.27. Update Eclipse Jetty to a version later than 10.0.27. Update Eclipse Jetty to a version later than 9.4.59.

**Name of the Vulnerable Software and Affected Versions** Netty versions prior to 4.1.132.Final and 4.2.10.Final **Description** Netty incorrectly parses quoted strings in HTTP/1.1 chunked transfer encoding extension values, enabling request smuggling attacks. Specifically, Netty terminates chunk header parsing at carriage return/newline characters within quoted strings instead of rejecting the request as malformed. This creates a parsing differential between Netty and RFC-compliant parsers. The root cause is that Netty does not validate that carriage return/line feed bytes are forbidden inside chunk extensions before the terminating carriage return/line feed. A request containing carriage return/line feed bytes within a chunk extension value should be rejected outright as invalid. This issue can lead to request smuggling, cache poisoning, access control bypass, and session hijacking. **Recommendations** Update to Netty version 4.1.132.Final or 4.2.10.Final.

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.18, 10.1.0-M1 through 10.1.52, 9.0.0.M1 through 9.0.115, 8.5.0 through 8.5.100, and 7.0.0 through 7.0.109 Description An inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') exists in Apache Tomcat due to an invalid chunk extension. This can potentially allow an attacker to smuggle requests, leading to unexpected behavior or security breaches. Recommendations Upgrade to version 11.0.20 Upgrade to version 10.1.52 Upgrade to version 9.0.116

**Name of the Vulnerable Software and Affected Versions** go-mail versions 0.7.0 and below **Description** The go-mail library improperly handles `mail.Address` values when passed to the SMTP client’s `MAIL FROM` or `RCPT TO` commands. This can lead to incorrect address routing or ESMTP parameter smuggling. Successful exploitation requires the user’s code to allow arbitrary mail address input. The issue stems from using the raw `Address` value instead of the `String()` method, which properly escapes and quotes mail addresses. Specifically, a crafted mail address like `"toni.tester@example.com> ORCPT=admin@admin.com"@example.com` could be misinterpreted by the SMTP server, potentially routing mail to unintended recipients or allowing the injection of additional SMTP commands. **Recommendations** Update to version 0.7.1 or later.