Description
I installed dependency-check on my Mac with `brew install dependency-check` and ran `dependency-check --scan ./` in my project.

File Path: /Users/lxc/IdeaProjects/tl-svr/tl-consumer/build/libs/tl-consumer-0.0.1-SNAPSHOT.jar/BOOT-INF/lib/reactor-netty-core-1.1.31.jar

Regarding Netty's vulnerability:
CVE-2019-20444
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
CWE-444 Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
But when I analyzed the dependencies, the Netty version referenced by reactor-netty-core-1.1.31.jar is 4.1.122.Final, and the dependency tree is as follows:
```
io.projectreactor.netty:reactor-netty-http:1.1.31
|    +--- io.netty:netty-codec-http:4.1.122.Final (*)
|    +--- io.netty:netty-codec-http2:4.1.122.Final -> 4.2.4.Final (*)
|    +--- io.netty:netty-resolver-dns:4.1.122.Final
|    |    +--- io.netty:netty-common:4.1.122.Final
|    |    +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |    +--- io.netty:netty-resolver:4.1.122.Final (*)
|    |    +--- io.netty:netty-transport:4.1.122.Final (*)
|    |    +--- io.netty:netty-codec:4.1.122.Final (*)
|    |    +--- io.netty:netty-codec-dns:4.1.122.Final
|    |    |    +--- io.netty:netty-common:4.1.122.Final
|    |    |    +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |    |    +--- io.netty:netty-transport:4.1.122.Final (*)
|    |    |    \--- io.netty:netty-codec:4.1.122.Final (*)
|    |    \--- io.netty:netty-handler:4.1.122.Final (*)
|    +--- io.netty:netty-resolver-dns-native-macos:4.1.122.Final
|    |    \--- io.netty:netty-resolver-dns-classes-macos:4.1.122.Final
|    |         +--- io.netty:netty-common:4.1.122.Final
|    |         +--- io.netty:netty-resolver-dns:4.1.122.Final (*)
|    |         \--- io.netty:netty-transport-native-unix-common:4.1.122.Final (*)
|    +--- io.netty:netty-transport-native-epoll:4.1.122.Final
|    |    +--- io.netty:netty-common:4.1.122.Final
|    |    +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |    +--- io.netty:netty-transport:4.1.122.Final (*)
|    |    +--- io.netty:netty-transport-native-unix-common:4.1.122.Final (*)
|    |    \--- io.netty:netty-transport-classes-epoll:4.1.122.Final
|    |         +--- io.netty:netty-common:4.1.122.Final
|    |         +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |         +--- io.netty:netty-transport:4.1.122.Final (*)
|    |         \--- io.netty:netty-transport-native-unix-common:4.1.122.Final (*)
|    +--- io.projectreactor.netty:reactor-netty-core:1.1.31
|    |    +--- io.netty:netty-handler:4.1.122.Final (*)
|    |    +--- io.netty:netty-handler-proxy:4.1.122.Final
|    |    |    +--- io.netty:netty-common:4.1.122.Final
|    |    |    +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |    |    +--- io.netty:netty-transport:4.1.122.Final (*)
|    |    |    +--- io.netty:netty-codec:4.1.122.Final (*)
|    |    |    +--- io.netty:netty-codec-socks:4.1.122.Final
|    |    |    |    +--- io.netty:netty-common:4.1.122.Final
|    |    |    |    +--- io.netty:netty-buffer:4.1.122.Final (*)
|    |    |    |    +--- io.netty:netty-transport:4.1.122.Final (*)
|    |    |    |    \--- io.netty:netty-codec:4.1.122.Final (*)
|    |    |    \--- io.netty:netty-codec-http:4.1.122.Final (*)
|    |    +--- io.netty:netty-resolver-dns:4.1.122.Final (*)
|    |    +--- io.netty:netty-resolver-dns-native-macos:4.1.122.Final (*)
|    |    +--- io.netty:netty-transport-native-epoll:4.1.122.Final (*)
|    |    \--- io.projectreactor:reactor-core:3.5.20 -> 3.6.18 (*)
|    \--- io.projectreactor:reactor-core:3.5.20 -> 3.6.18 (*)
```
In addition, I have updated to the latest dependency-check version and downloaded the latest vulnerability data.
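The report above attaches a Netty CVE to a reactor-netty jar on the strength of a name match, while the Netty the application actually ships is 4.1.122.Final. The usual way to settle such a finding is to read the Maven coordinates each nested jar carries in `META-INF/maven/<groupId>/<artifactId>/pom.properties` and compare the real group and version against the advisory's range, rather than trusting the CPE match. The script below is an added example, not dependency-check's code and not the reporter's; it assumes the affected range quoted in the issue ("Netty before 4.1.44"), assumes each jar carries a `pom.properties` (jars without one are reported as `unknown`), and builds a small Spring Boot style fat jar in memory as constructed sample input. The suppression entry it emits uses dependency-check's `packageUrl` / `cve` suppression format.

```python
"""Triage a dependency-check Netty finding against the jars a Spring Boot
fat jar really contains (added example; not dependency-check's own code).
"""
import io
import re
import zipfile
from typing import Dict, List, Optional, Tuple

CVE = "CVE-2019-20444"
NETTY_GROUP = "io.netty"
# Range taken from the advisory text quoted in the issue: "Netty before 4.1.44".
FIXED_IN = (4, 1, 44)


def parse_version(version: str) -> Tuple[int, ...]:
    """'4.1.122.Final' -> (4, 1, 122). Non-numeric qualifiers are dropped,
    so a truncated version such as '4.1' sorts as older than 4.1.44."""
    nums: List[int] = []
    for part in version.split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    return tuple(nums)


def maven_coords(jar: zipfile.ZipFile) -> Optional[Dict[str, str]]:
    """Read groupId/artifactId/version from META-INF/maven/**/pom.properties."""
    for name in jar.namelist():
        if name.startswith("META-INF/maven/") and name.endswith("/pom.properties"):
            props: Dict[str, str] = {}
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                line = line.strip()
                if line and not line.startswith("#") and "=" in line:
                    key, _, value = line.partition("=")
                    props[key.strip()] = value.strip()
            if all(k in props for k in ("groupId", "artifactId", "version")):
                return props
    return None


def triage_fat_jar(fat_jar: bytes, lib_prefix: str = "BOOT-INF/lib/") -> Dict[str, str]:
    """Classify every nested jar under BOOT-INF/lib/ against the CVE range.

    Verdicts: 'affected' (io.netty older than 4.1.44), 'fixed' (io.netty at or
    after 4.1.44), 'not-netty' (another group, e.g. io.projectreactor.netty),
    'unknown' (no pom.properties, so the jar cannot be identified this way).
    """
    verdicts: Dict[str, str] = {}
    with zipfile.ZipFile(io.BytesIO(fat_jar)) as outer:
        for name in outer.namelist():
            if not (name.startswith(lib_prefix) and name.endswith(".jar")):
                continue
            with zipfile.ZipFile(io.BytesIO(outer.read(name))) as inner:
                coords = maven_coords(inner)
            if coords is None:
                verdicts[name] = "unknown"
            elif coords["groupId"] != NETTY_GROUP:
                verdicts[name] = "not-netty"
            elif parse_version(coords["version"]) < FIXED_IN:
                verdicts[name] = "affected"
            else:
                verdicts[name] = "fixed"
    return verdicts


def suppression_entry(group: str, artifact: str, cve: str = CVE) -> str:
    """A dependency-check suppressions.xml <suppress> block keyed on the
    package URL, for a jar whose coordinates show the CVE does not apply."""
    purl = re.escape(f"pkg:maven/{group}/{artifact}@")
    return (
        "<suppress>\n"
        f"  <notes>{group}:{artifact} is not io.netty; {cve} does not apply</notes>\n"
        f'  <packageUrl regex="true">^{purl}.*$</packageUrl>\n'
        f"  <cve>{cve}</cve>\n"
        "</suppress>"
    )


# --- constructed sample input: a minimal fat jar with four nested jars ---
def _jar(files: Dict[str, bytes]) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, data in files.items():
            zf.writestr(path, data)
    return buf.getvalue()


def _lib(group: str, artifact: str, version: str) -> bytes:
    props = f"groupId={group}\nartifactId={artifact}\nversion={version}\n".encode()
    return _jar({f"META-INF/maven/{group}/{artifact}/pom.properties": props})


SAMPLE_FAT_JAR = _jar({
    "BOOT-INF/lib/reactor-netty-core-1.1.31.jar": _lib("io.projectreactor.netty", "reactor-netty-core", "1.1.31"),
    "BOOT-INF/lib/netty-codec-http-4.1.122.Final.jar": _lib("io.netty", "netty-codec-http", "4.1.122.Final"),
    "BOOT-INF/lib/netty-codec-http-4.1.43.Final.jar": _lib("io.netty", "netty-codec-http", "4.1.43.Final"),
    "BOOT-INF/lib/unlabelled.jar": _jar({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"}),
})

if __name__ == "__main__":
    for path, verdict in triage_fat_jar(SAMPLE_FAT_JAR).items():
        print(f"{verdict:10} {path}")
    print(suppression_entry("io.projectreactor.netty", "reactor-netty-core"))
```

On a real build, replace `SAMPLE_FAT_JAR` with the bytes of `tl-consumer-0.0.1-SNAPSHOT.jar`; the `not-netty` verdict on the reactor-netty jar, together with `fixed` on every `io.netty` jar, is the evidence to attach to a suppression rather than suppressing on the CVE id alone, which would also hide a genuinely old Netty added later.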