VIR Vulnerability Intelligence Relay

Package impact

java Maven / io.netty:netty-codec-http

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42587 high 7.5 7.5 15d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS susedebianjava
CVE-2026-42585 high 7.5 7.5 15d ago Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding susedebianjava
CVE-2026-42580 medium 6.5 6.5 15d ago Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing susedebianjava
CVE-2021-43797 medium 5.5 5y ago HTTP request smuggling in netty suserockylinuxdebianjava
CVE-2021-21290 medium 5.5 5y ago Local Information Disclosure Vulnerability in Netty on Unix-Like systems suserockylinuxdebianjava
CVE-2026-41417 medium 5.3 5.3 22d ago Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection susedebianjava