pkg:Maven/io.netty:netty-codec-http

All known vulnerabilities

• CRITICAL9.1CVE-2019-20444netty - security update
  from 0, < 4.1.44
• HIGH7.5CVE-2026-42587Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
  >= 4.2.0.Alpha1, < 4.2.13.Final
• HIGH7.5CVE-2026-33870Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
  from 0, < 4.1.132.Final
• HIGH7.5Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
  from 0, < 4.1.125.Final
• HIGH7.3Netty has HttpClientCodec response desynchronization
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
  >= 4.2.0.Alpha1, < 4.2.8.Final
• MEDIUM6.5Netty vulnerable to HTTP Response splitting from assigning header value iterator
  >= 4.1.83.Final, < 4.1.86.Final
• MEDIUM6.5HTTP request smuggling in netty
  >= 4.0.0, < 4.1.71.Final
• MEDIUM6.2netty - security update
  >= 4.0.0, < 4.1.59.Final
• MEDIUM5.8Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM5.5Local Information Disclosure Vulnerability in io.netty:netty-codec-http
  from 0, < 4.1.77.Final
• MEDIUM5.3Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
  from 0, < 4.1.133.Final
• MEDIUM5.3netty - security update
  from 0, < 4.1.108.Final