Lucene search
K

4 matches found

Cvelist
Cvelist
added 2026/06/12 2:6 p.m.35 views

CVE-2026-44894 Netty's Default QUIC token handler accepts any client-supplied token

Netty is a network application framework for development of protocol servers and clients. NoQuicTokenHandler is the tokenHandler used when the application does not set one. Prior to version 4.2.15.Final, its writeToken returns false server will not send Retry — acceptable, but validateToken...

7.5CVSS0.00143EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/15 12:0 a.m.2 views

PT-2023-8190

Name of the Vulnerable Software and Affected Versions Reactor Netty HTTP Server versions 1.0.x prior to 1.0.39 Reactor Netty HTTP Server versions 1.1.x prior to 1.1.13 Description The issue is related to incorrect restriction of directory path names, which can lead to a directory traversal attack...

7.8CVSS7.1AI score0.01124EPSS
Exploits0References9
OSV
OSV
added 2022/10/20 12:0 p.m.6 views

GHSA-7W4X-4H67-PGMV Invalid HTTP requests in Reactor Netty HTTP Server may reveal access tokens

Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may request log headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled...

4.3CVSS5.9AI score0.00604EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2020/04/07 6:0 p.m.27 views

CVE-2020-11612

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder...

7.5CVSS7.1AI score0.09438EPSS
Exploits0
Rows per page
Query Builder