Lucene search
K

47 matches found

RedhatCVE
RedhatCVE
added 6 days ago5 views

CVE-2026-49365

A flaw was found in the Apache Camel Netty HTTP component. An unauthenticated remote attacker can exploit this vulnerability by sending a malformed request that triggers an exception during route processing. Due to a misconfiguration where muteException is set to false by default, the system...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References4
NVD
NVD
added 2026/07/06 9:16 a.m.9 views

CVE-2026-49365

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.3CVSS0.00363EPSS
Exploits0References2
CVE
CVE
added 2026/07/06 8:11 a.m.14 views

CVE-2026-49365

The vulnerability CVE-2026-49365 affects Apache Camel’s camel-netty-http server consumer. The root cause is that the default of muteException is false, so on route processing errors Camel writes the full Java stack trace into the HTTP response body instead of an empty body. This can disclose sens...

5.3CVSS5.8AI score0.00363EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/07/06 8:11 a.m.9 views

EUVD-2026-41846

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

5.8AI score0.00363EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/07/06 8:11 a.m.33 views

CVE-2026-49365 Apache Camel: Camel-Netty-HTTP: The muteException consumer option defaulted to false, so a processing error returned the full Java stack trace in the HTTP response body, disclosing sensitive internal information to unauthenticated clients

Generation of Error Message Containing Sensitive Information vulnerability in Apache Camel Netty HTTP component. The camel-netty-http HTTP server consumer exposes a muteException option that controls what is returned to the client when a route processing error occurs. This option defaulted to fal...

0.00363EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.14 views

PT-2026-55907

Name of the Vulnerable Software and Affected Versions Apache Camel versions 4.0.0 through 4.14.7 Apache Camel versions 4.15.0 through 4.18.2 Apache Camel versions 4.19.0 through 4.20.9 Description The camel-netty-http server consumer in Apache Camel contains an issue where the muteException optio...

5.3CVSS6.1AI score0.00363EPSS
Exploits0References8
OSV
OSV
added 2026/06/24 1:32 p.m.9 views

ROOT-APP-MAVEN-CVE-2025-22227 CVE-2025-22227 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2025-22227 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

6.1CVSS5.2AI score0.0034EPSS
Exploits0
OSV
OSV
added 2026/06/21 7:51 a.m.8 views

ROOT-APP-MAVEN-CVE-2023-34062 CVE-2023-34062 in io.root.io.projectreactor.netty:reactor-netty-http - Patched by Root

Root has patched CVE-2023-34062 in the io.root.io.projectreactor.netty:reactor-netty-http package for Root:Maven. Multiple fixed versions available...

7.5CVSS7.3AI score0.01124EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/06/10 12:5 p.m.14 views

Important: Red Hat Security Advisory: Red Hat build of Quarkus 3.27.4 release and security update

An update is now available for Red Hat build of Quarkus. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability. For more informatio...

9.8CVSS6.8AI score0.00969EPSS
Exploits5References35
Github Security Blog
Github Security Blog
added 2026/06/08 7:2 p.m.16 views

Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

Summary The default configuration of the Http3ConnectionHandler in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not explicitly specify HTTP3SETTINGSMAXFIELDSECTIONSIZE, the implementation defaults to an unbounded limit. This insecure default configuration...

7.5CVSS5.5AI score0.00279EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/05/18 12:0 a.m.19 views

RHEL 8 : Red Hat JBoss Enterprise Application Platform 8.1.6 (RHSA-2026:18054)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:18054 advisory. Red Hat JBoss Enterprise Application Platform 8 is a platform for Java applications based on the WildFly application runtime. This release ...

9.9CVSS7.2AI score0.10629EPSS
Exploits6References59
vulnersOsv
vulnersOsv
added 2026/05/07 12:46 a.m.10 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.2 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +23809 more potentially affected by CVE-2026-42587 via io.netty:netty-codec-http (>=4.0.0.Alpha1 <=4.1.132.Final)

io.netty:netty-codec-http MAVEN version =4.0.0.Alpha1, =0.1.0-alpha.2, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.2, =0.1.0, =0.1.0, =0.2.0, =0.2.0, =0.28.0 and more Source cves:...

7.5CVSS6.7AI score0.00887EPSS
Exploits1
RedHat Linux
RedHat Linux
added 2026/04/14 5:20 p.m.8 views

Important: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available (RHBQ 3.27.3.GA)

An update for Red Hat Build of Apache Camel 4.14 for Quarkus 3.27 update is now available RHBQ 3.27.3.GA. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. An update for Red H...

8.7CVSS5.8AI score0.01125EPSS
Exploits2References4
Atlassian
Atlassian
added 2026/04/10 10:29 p.m.25 views

HTTP Request Smuggling io.netty:netty-codec-http Dependency in Confluence Data Center

This High severity HTTP Request Smuggling vulnerability was introduced in version 8.9.0, 9.0.1, 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, 10.2.0 of Confluence Data Center. This HTTP Request Smuggling vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

7.5CVSS5.8AI score0.0064EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/07 10:58 a.m.4 views

Security Bulletin: tCRLF Injection Vulnerability in Netty HttpRequestEncoder Leading to Request Smuggling, affects watsonx.data

Summary Netty versions prior to 4.1.129.Final and 4.2.8.Final are vulnerable to CRLF injection in HttpRequestEncoder, allowing request smuggling if URIs are not properly sanitized. The issue is fixed in versions 4.1.129.Final and 4.2.8.Final. This can affect watsonx.data. Vulnerability Details...

6.5CVSS6.6AI score0.00292EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/27 11:52 a.m.10 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735.

Summary IBM Maximo Application Suite - Monitor Component uses netty-codec-http-4.2.5.Final.jar which is vulnerable to CVE-2025-67735. This bulletin contains information addressing the vulnerability. Vulnerability Details CVEID:CVE-2025-67735 DESCRIPTION: Netty is an asynchronous, event-driven...

6.5CVSS5.9AI score0.00292EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2026/02/23 4:31 p.m.10 views

Moderate: Red Hat Security Advisory: AMQ Clients 2026.Q1

An update is now available for Red Hat AMQ Clients Red Hat Product Security has rated this update as having an impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the Reference...

7.5CVSS6.6AI score0.00631EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/16 5:45 a.m.12 views

Security Bulletin:Vulnerability in reactor-netty-http affects IBM Netezza Appliance

Summary The reactor-netty-http package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-22227 Vulnerability Details CVEID:CVE-2025-22227 DESCRIPTION: In some specific scenarios with chained redirects, Reactor Netty HTTP client leaks credentials. I...

6.1CVSS6.2AI score0.0034EPSS
Exploits0Affected Software1
Atlassian
Atlassian
added 2025/12/03 10:10 a.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency in Jira Service Management Data Center and Server

This High severity DoS Denial of Service vulnerability known as CVE-2025-55163 was introduced in 10.3.0, and 11.0.0 of Jira Service Management Data Center and Server. This vulnerability with a CVSS Score of 8.2 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H allows an...

8.2CVSS6.8AI score0.00979EPSS
Exploits1
Atlassian
Atlassian
added 2025/12/02 9:27 p.m.14 views

DoS (Denial of Service) io.netty:netty-codec-http2 Dependency Vulnerability in Crowd Data Center and Server

This High severity DoS Denial of Service vulnerability was introduced in version 7.1.0 of Crowd Data Center. This Improper Authorization vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N allows an unauthenticated attacker ...

8.2CVSS5.8AI score0.00979EPSS
Exploits1
Rows per page
Query Builder