Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

23 matches found

Github Security Blog
Github Security Blogadded 2024/03/25 7:40 p.m.69 views

Netty's HttpPostRequestDecoder can OOM

Summary The HttpPostRequestDecoder can be tricked to accumulate data. I have spotted currently two attack vectors Details 1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consistin...

5.3CVSS6.7AI score0.00343EPSS
Exploits1References7Affected Software1
CNNVD
CNNVDadded 2024/03/25 12:0 a.m.2 views

Netty 安全漏洞

Netty is a non-blocking I/O client-server framework from the Netty community, which is primarily used for developing Java web applications such as protocol servers and clients. A security vulnerability exists in versions prior to Netty 4.1.108.Final, which stems from the "HttpPostRequestDecoder"...

5.3CVSS6.4AI score0.00343EPSS
Exploits1References9
Positive Technologies
Positive Technologiesadded 2024/03/25 12:0 a.m.6 views

PT-2024-2588

Name of the Vulnerable Software and Affected Versions Netty versions prior to 4.1.108.Final Description The issue is related to the HttpPostRequestDecoder in Netty, which can be tricked to accumulate data without limits. This can be achieved by sending a chunked post consisting of many small fiel...

7.5CVSS7.2AI score0.9439EPSS
Exploits24References55
Rows per page
Query Builder