io.netty.incubator:netty-incubator-codec-ohttp
Maven3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting io.netty.incubator:netty-incubator-codec-ohttppage 1 of 1
- CVE-2024-36121MEDIUMCVSS 5.9EG 5.9✓ Fixed in 0.0.11.Final2024-06-04
vulnerable: 0.0.10.Final ... 0.0.9.Final (8 versions)
netty-incubator-codec-ohttp is the OHTTP implementation for netty. BoringSSLAEADContext keeps track of how many OHTTP responses have been sent and uses this sequence number to calculate the appropriate nonce to use with the encryption alg…
- CVE-2026-41207MEDIUMCVSS 6.9EG 6.9✓ Fixed in 0.0.21.Final2026-05-26
vulnerable: 0.0.1.Final ... 0.0.9.Final (20 versions)
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this o…
- CVE-2026-48480MEDIUMCVSS 6.6EG 6.6✓ Fixed in 0.0.22.Final2026-06-04
vulnerable: 0.0.1.Final ... 0.0.9.Final (21 versions)
The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptographically-signed final chunk was received …
Check whether io.netty.incubator:netty-incubator-codec-ohttp is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for io.netty.incubator:netty-incubator-codec-ohttp CVEs against the assets you own.
Start Free Scan →