17 matches found
ROOT-APP-MAVEN-CVE-2025-59419 CVE-2025-59419 in io.root.io.netty:netty-codec-smtp - Patched by Root
Root has patched CVE-2025-59419 in the io.root.io.netty:netty-codec-smtp package for Root:Maven. Multiple fixed versions available...
[SECURITY] [DSA 6160-1] netty security update
------------------------------------------------------------------------- Debian Security Advisory DSA-6160-1 [email protected] https://www.debian.org/security/ Markus Koschany March 11, 2026 https://www.debian.org/security/faq -...
Security Bulletin: SMTP Command Injection Vulnerability in Netty SMTP Codec (Fixed in 4.1.129.Final and 4.2.8.Final) affect IBM watsonx.data
Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final contains an SMTP command injection vulnerability in its SMTP codec due to improper CRLF validation. Attackers who control SMTP parameters can inject arbitrary commands, potentially forging emails that pass SPF and DKIM checks. Upgradin...
Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to command injection due to the Netty package (CVE-2025-59419)
Summary Netty is used by DataStage on Cloud Pak for Data as part of the event processing functionality. Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec ...
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.12.0 Vulnerability Details CVEID:CVE-2025-59419 DESCRIPTION: Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : netty, netty-tcnative (SUSE-SU-2025:4087-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4087-1 advisory. - CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097 Tenabl...
openSUSE Security Advisory (SUSE-SU-2025:4087-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security update for netty, netty-tcnative
This update for netty, netty-tcnative fixes the following issues: CVE-2025-59419: fixed SMTP command injection vulnerability that allowed email forgery bsc1252097 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
netty-4.1.128-1.1 on GA media (moderate)
netty-4.1.128-1.1 on GA media Announcement ID: openSUSE-SU-2025:15667-1 Rating: moderate Cross-References: CVE-2025-59419 CVSS scores: CVE-2025-59419 SUSE : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2025-59419 SUSE : 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
OESA-2025-2529 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...
OESA-2025-2526 netty security update
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers clients. %package help Summary: Documents for Buildarch: noarch Requires: man info Provides: -javadoc = - Obsoletes: -javadoc - %description help Man pages a...
CVE-2025-59419 vulnerabilities
Vulnerabilities for packages: thingsboard, celeborn, management-api-for-apache-cassandra-5.0, trino, tez...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2230 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)
io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =5.0.2 and more Source cves: CVE-2025-59419 Source advisory: OSV:GHSA-JQ43-27X9-3V86...
ai.chronon:service_2.11 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91), ai.chronon:service_2.12 (>=0.0.86 <=def544ccef5f753238ecc4adfc2eaa7d2fc36d53-0.0.91) +2230 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.1.100.Final <=4.1.127.Final)
io.netty:netty-codec-smtp MAVEN version =4.1.100.Final, =0.0.86, =0.0.86, =0.0.86, =0.0.1, =2.0.24, =1.1.9, =0.0.1, =0.3.36, =1.9.0, =2.0.0, =2.4.0, =2.4.0, =0.0.15, =4.0.0, =5.0.2 and more Source cves: CVE-2025-59419 Source advisory: SNYK:JAVA-IONETTY-13560334...
ai.spice:spiceai (=0.6.0), cn.hserver:hserver (=3.7.0) +529 more potentially affected by CVE-2025-59419 via io.netty:netty-codec-smtp (>=4.2.0.Alpha1 <=4.2.6.Final)
io.netty:netty-codec-smtp MAVEN version =4.2.0.Alpha1, =4.2.6.Final is affected by a known vulnerability. The following packages have a transitive dependency on io.netty:netty-codec-smtp and may be impacted: - ai.spice:spiceai =0.6.0 - cn.hserver:hserver =3.7.0 - cn.hserver:hserver-netty-web...
CVE-2025-59419 Netty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email Forgery
Netty is an asynchronous, event-driven network application framework. In versions prior to 4.1.128.Final and 4.2.7.Final, the SMTP codec in Netty contains an SMTP command injection vulnerability due to insufficient input validation for Carriage Return \r and Line Feed \n characters in user-suppli...
CVE-2025-59419
creationtimestamp| type| source ---|---|--- 2025-10-15 14:36:33+00:00| published-proof-of-concept| https://github.com/netty/netty/security/advisories/GHSA-jq43-27x9-3v86 2025-10-15 16:53:27+00:00| seen| https://mastodon.social/users/chrisvest/statuses/115379221747646716 2025-10-22 00:05:07+00:00|...