
214 matches found

Veracode
added 2021/09/10 6:15 a.m. · 34 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service. The vulnerability exists due to lack of allocation size restriction on the decompressed output data in the Bzip2 decompression decoder function, leading to an OOME...

7.5 CVSS · 3.4 AI score · 0.0628 EPSS
Exploits 0 · References 21 · Affected Software 28
Veracode
added 2021/03/31 4:38 a.m. · 42 views

HTTP Request Smuggling

netty-codec-http2 is vulnerable to HTTP request smuggling. The vulnerability exists through an incomplete fix in CVE-2021-21295 where the content-length header is not properly validated if the request uses a single Http2HeaderFrame, and with endStream set to true...

5.9 CVSS · 0.2 AI score · 0.18891 EPSS
Exploits 0 · References 108 · Affected Software 26
CVE
added 2021/03/30 3:5 p.m. · 500 views

CVE-2021-21409

The CVE concerns Netty’s HTTP/2 codec (io.netty:netty-codec-http2) where, before version 4.1.61.Final, a Content-Length check can be bypassed when a single Http2HeaderFrame with endStream set to true is used. This enables HTTP request smuggling if the request is proxied and translated to HTTP/1.1...

5.9 CVSS · 6.5 AI score · 0.04935 EPSS
Exploits 0 · References 59 · Affected Software 1
vulnersOsv
added 2021/03/09 6:49 p.m. · 4 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +26679 more potentially affected by CVE-2021-21295 +1 more via io.netty:netty-codec-http2 (>=4.1.0.Beta4 <=4.1.5.Final)

io.netty:netty-codec-http2 MAVEN version =4.1.0.Beta4, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

5.9 CVSS · 6.4 AI score · 0.18891 EPSS
Exploits 0
Veracode
added 2021/02/09 8:36 a.m. · 43 views

Information Disclosure

netty-codec-http is vulnerable to information disclosure. When netty's multipart decoders are used, local files containing confidential information can be accessed via the local system temporary directory if temporarily storing uploads on disk is enabled...

6.2 CVSS · 2.4 AI score · 0.01777 EPSS
Exploits 1 · References 69 · Affected Software 26
Positive Technologies
added 2021/02/08 12:0 a.m. · 8 views

PT-2021-7977 · Oracle +4 · Java +4

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http versions prior to 4.1.77.Final Description: The issue is related to an insufficient fix for a vulnerability in Netty's multipart decoders, which can lead to local information disclosure via the local system temporary...

7.5 CVSS · 6.3 AI score · 0.99999 EPSS
Exploits 25 · References 116
RedHat Linux
added 2020/06/17 7:48 p.m. · 135 views

Low: Red Hat Security Advisory: AMQ Clients 2.7.0 Release

An update is now available for Red Hat AMQ Clients 2.7.0. Red Hat Product Security has rated this update as having a Low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

7.5 CVSS · 7 AI score · 0.09438 EPSS
Exploits 0 · References 17
Veracode
added 2020/04/08 3:25 a.m. · 42 views

Denial Of Service (DoS)

netty-codec is vulnerable to denial of service (DoS). The vulnerability exists because it was possible to send large data for compression, causing large buffer allocation sizes in the client JVM...

7.5 CVSS · 3.1 AI score · 0.09438 EPSS
Exploits 0 · References 82 · Affected Software 31
Positive Technologies
added 2020/02/25 12:0 a.m. · 13 views

PT-2020-6587

Name of the Vulnerable Software and Affected Versions: io.netty:netty-codec-http2 versions prior to 4.1.61.Final Description: The issue is related to a lack of proper validation of the content-length header in HTTP/2 requests. If a request only uses a single Http2HeaderFrame with the endStream se...

9.1 CVSS · 8.2 AI score · 0.99999 EPSS
Exploits 28 · References 832
vulnersOsv
added 2020/02/21 6:55 p.m. · 2 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +29658 more potentially affected by CVE-2019-20444 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.43.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

9.1 CVSS · 6.8 AI score · 0.08678 EPSS
Exploits 1
Veracode
added 2020/01/31 12:35 a.m. · 58 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The vulnerability exists because it improperly handles whitespace in the Transfer-Encoding and Content-Length headers. This vulnerability is caused by an incomplete fix for CVE-2019-16869...

7.5 CVSS · 0.9 AI score · 0.08415 EPSS
Exploits 2 · References 24 · Affected Software 244
Veracode
added 2020/01/30 4:36 a.m. · 35 views

HTTP Request Smuggling

netty-codec-http is vulnerable to HTTP request smuggling. The library does not properly validate duplicate Content-Length header fields and the Transfer-Encoding headers, allowing a remote attacker to smuggle HTTP requests by submitting a malicious Transfer-Encoding header...

9.1 CVSS · 3 AI score · 0.13474 EPSS
Exploits 1 · References 92 · Affected Software 4
Veracode
added 2019/10/29 8:30 a.m. · 9 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service. An IndexOutOfBoundsException occurs when the application parses an incorrect Content-Type value that starts with a semicolon (;) in a multipart form request, allowing an attacker to cause a denial of service condition...

4.6 AI score
Exploits 0
Veracode
added 2016/12/13 2:22 a.m. · 8 views

Denial Of Service (DoS)

netty-codec-http is vulnerable to denial of service (DoS) attacks. These attacks are possible because it does not respect the limit on the maximum HTTP header size. This happens because control characters are skipped indefinitely and parsing never ends...

6.5 AI score
Exploits 0