{"id":"CVE-2019-10797","details":"Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Response Splitting due to HTTP Header validation being disabled.","aliases":["GHSA-rvpc-w57p-q95f","SNYK-JAVA-ORGWSO2TRANSPORTHTTP-548944"],"modified":"2026-05-09T11:34:49.081646Z","published":"2020-02-19T19:15:11.617Z","references":[{"type":"FIX","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWSO2TRANSPORTHTTP-548944"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wso2/transport-http","events":[{"introduced":"0"},{"fixed":"9b968d61e5381508b96680df4a3ad7a3b378edbb"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:wso2:transport-http:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"6.3.1"}]}}],"versions":["v6.0.100","v6.0.101","v6.0.102","v6.0.103","v6.0.104","v6.0.105","v6.0.106","v6.0.107","v6.0.109","v6.0.110","v6.0.112","v6.0.113","v6.0.114","v6.0.115","v6.0.116","v6.0.117","v6.0.118","v6.0.119","v6.0.120","v6.0.121","v6.0.122","v6.0.123","v6.0.124","v6.0.126","v6.0.127","v6.0.128","v6.0.129","v6.0.130","v6.0.131","v6.0.132","v6.0.133","v6.0.134","v6.0.136","v6.0.137","v6.0.138","v6.0.139","v6.0.140","v6.0.141","v6.0.142","v6.0.143","v6.0.144","v6.0.145","v6.0.146","v6.0.147","v6.0.148","v6.0.149","v6.0.150","v6.0.151","v6.0.152","v6.0.153","v6.0.154","v6.0.155","v6.0.156","v6.0.157","v6.0.158","v6.0.159","v6.0.160","v6.0.161","v6.0.163","v6.0.165","v6.0.166","v6.0.167","v6.0.168","v6.0.169","v6.0.170","v6.0.172","v6.0.173","v6.0.174","v6.0.175","v6.0.176","v6.0.177","v6.0.178","v6.0.180","v6.0.181","v6.0.182","v6.0.183","v6.0.184","v6.0.185","v6.0.186","v6.0.187","v6.0.188","v6.0.189","v6.0.190","v6.0.191","v6.0.192","v6.0.193","v6.0.194","v6.0.195","v6.0.196","v6.0.197","v6.0.198","v6.0.199","v6.0.200","v6.0.201","v6.0.202","v6.0.203","v6.0.204","v6.0.205","v6.0.206","v6.0.208","v6.0.209","v6.0.210","v6.0.211","v6.0.212","v6.0.213","v6.0.214","v6.0.215","v6.0.217","v6.0.218","v6.0.219","v6.0.220","v6.0.221","v6.0.222","v6.0.223","v6.0.224","v6.0.226","v6.0.227","v6.0.228","v6.0.229","v6.0.230","v6.0.231","v6.0.232","v6.0.233","v6.0.234","v6.0.236","v6.0.237","v6.0.238","v6.0.240","v6.0.241","v6.0.242","v6.0.243","v6.0.244","v6.0.245","v6.0.246","v6.0.247","v6.0.248","v6.0.249","v6.0.250","v6.0.251","v6.0.252","v6.0.253","v6.0.254","v6.0.255","v6.0.257","v6.0.258","v6.0.259","v6.0.260","v6.0.261","v6.0.262","v6.0.263","v6.0.264","v6.0.265","v6.0.266","v6.0.267","v6.0.268","v6.0.269","v6.0.270","v6.0.271","v6.0.272","v6.0.273","v6.0.274","v6.0.275","v6.0.276","v6.0.277","v6.0.278","v6.0.279","v6.0.280","v6.0.281","v6.0.282","v6.0.283","v6.0.284","v6.0.285","v6.0.286","v6.0.288","v6.0.289","v6.0.290","v6.0.291","v6.0.292","v6.0.293","v6.0.294","v6.0.295","v6.0.296","v6.0.297","v6.0.298","v6.0.299","v6.0.300","v6.0.50","v6.0.51","v6.0.52","v6.0.53","v6.0.54","v6.0.55","v6.0.56","v6.0.58","v6.0.59","v6.0.60","v6.0.61","v6.0.62","v6.0.63","v6.0.64","v6.0.65","v6.0.66","v6.0.67","v6.0.68","v6.0.69","v6.0.70","v6.0.71","v6.0.72","v6.0.73","v6.0.74","v6.0.75","v6.0.76","v6.0.77","v6.0.78","v6.0.79","v6.0.80","v6.0.81","v6.0.82","v6.0.83","v6.0.84","v6.0.85","v6.0.86","v6.0.87","v6.0.88","v6.0.89","v6.0.90","v6.0.91","v6.0.92","v6.0.93","v6.0.94","v6.0.95","v6.0.96","v6.0.97","v6.0.98","v6.0.99","v6.1.0","v6.1.1","v6.1.10","v6.1.11","v6.1.12","v6.1.2","v6.1.3","v6.1.5","v6.1.6","v6.1.7","v6.1.8","v6.1.9","v6.2.0","v6.2.1","v6.2.10","v6.2.11","v6.2.12","v6.2.13","v6.2.14","v6.2.15","v6.2.17","v6.2.18","v6.2.19","v6.2.2","v6.2.21","v6.2.22","v6.2.23","v6.2.24","v6.2.25","v6.2.26","v6.2.27","v6.2.28","v6.2.29","v6.2.30","v6.2.31","v6.2.32","v6.2.33","v6.2.34","v6.2.4","v6.2.5","v6.2.6","v6.2.7","v6.2.8","v6.2.9","v6.3.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-10797.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}]}