Maven/io.netty:netty-codec-http3 — 3 CVEs

HIGH7.5CVE-2026-48748Netty HTTP/3 QPACK Blocked Streams Memory Exhaustion

>= 4.2.0.Final, < 4.2.15.Final

HIGH7.5CVE-2026-44892Netty has a Vulnerable Default Configuration Which Leads to Denial of Service via Unbounded HTTP/3 Header Size

>= 4.2.0.Final, < 4.2.15.Final

HIGH7.5CVE-2026-42582Netty HTTP/3 QPACK literal unbounded allocation

from 0, < 4.2.13.Final

pkg:Maven/io.netty:netty-codec-http3