pkg:Maven/io.netty:netty-codec-http2

All known vulnerabilities

• MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
  from 0, < 4.1.100.Final
• HIGH7.5CVE-2026-42587Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
  >= 4.2.0.Alpha1, < 4.2.13.Final
• HIGH7.5CVE-2026-33871Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
  from 0, < 4.1.132.Final
• HIGH7.5netty - security update
  >= 4.2.0.Alpha1, < 4.2.4.Final
• MEDIUM5.9Possible request smuggling in HTTP/2 due missing validation of content-length
  >= 4.0.0, < 4.1.61.Final
• MEDIUM5.9Possible request smuggling in HTTP/2 due missing validation
  >= 4.0.0, < 4.1.60.Final
• MEDIUM5.3netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
  from 0, < 4.1.135.Final
• MEDIUM5.3Netty HTTP/2: Advertised MAX_CONCURRENT_STREAMS are not enforced
  >= 4.2.0.Final, < 4.2.15.Final