VIR Vulnerability Intelligence Relay

Package impact

java Maven / io.netty:netty-codec-http2

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Published Description Impact
CVE-2026-42587 high 7.5 7.5 15d ago Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS susedebianjava
CVE-2021-21409 medium 5.5 5y ago Possible request smuggling in HTTP/2 due missing validation of content-length suserockylinuxdebianjava
CVE-2021-21295 medium 5.5 5y ago Possible request smuggling in HTTP/2 due missing validation suserockylinuxdebianjava