org.jboss.netty:netty
Maven
10 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting org.jboss.netty:netty
- CVE-2015-2156 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.10.3.Final | 2017-10-18
Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before 4.0.28.Final, and 4.1.x before 4.1.0.Beta5 and Play Framework 2.x before 2.3.9 might allow remote attackers to bypass the httpOnly flag on cookies and obtain sensitive info…
- CVE-2019-16869 | HIGH | CVSS 7.5 | EG 7.5 | 2019-09-26
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.
- CVE-2019-20444 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-01-29
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."
- CVE-2019-20445 | CRITICAL | CVSS 9.1 | EG 9.1 | 2020-01-29
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.
- CVE-2021-21290 | MEDIUM | CVSS 6.2 | EG 6.2 | 2021-02-08
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like …
- CVE-2021-21295 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-03-09
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.60.Final there is …
- CVE-2021-21409 | MEDIUM | CVSS 5.9 | EG 5.9 | 2021-03-30
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is …
- CVE-2021-37136 | HIGH | CVSS 7.5 | EG 7.5 | 2021-10-19
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can…
- CVE-2021-37137 | HIGH | CVSS 7.5 | EG 7.5 | 2021-10-19
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory us…
- CVE-2021-43797 | MEDIUM | CVSS 6.5 | EG 6.5 | 2021-12-09
vulnerable: 3.0.0.CR1 ... 3.2.9.Final (39 versions)
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Netty prior to version 4.1.71.Final skips control chars when they are present at the beg…