Package impact
Maven / io.netty:netty-codec-http2
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42587 | high | 7.5 | 7.5 | 15d ago | Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS | |||
| CVE-2021-21409 | medium | — | 5.5 | 5y ago | Possible request smuggling in HTTP/2 due missing validation of content-length | |||
| CVE-2021-21295 | medium | — | 5.5 | 5y ago | Possible request smuggling in HTTP/2 due missing validation | |||
| CVE-2026-33871 | unknown | — | — | 2mo ago | Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass | |||
| CVE-2025-55163 | unknown | — | — | 10mo ago | Netty affected by MadeYouReset HTTP/2 DDoS vulnerability |