Vulnerabilidades en netty
60 resultadosCVE-2021-21295MEDIUMPossible request smuggling in HTTP/2 due missing validationEPSS 18.9%CVE-2021-21409MEDIUMPossible request smuggling in HTTP/2 due missing validation of content-lengthEPSS 4.9%CVE-2021-43797MEDIUMHTTP fails to validate against control chars in header names which may lead to HTTP request smugglingEPSS 2.7%CVE-2023-34462MEDIUMnetty-handler SniHandler 16MB allocationEPSS 2.5%CVE-2025-24970HIGHSslHandler doesn't correctly validate packets which can lead to native crash when using native SSLEngineEPSS 2.0%CVE-2021-21290MEDIUMLocal Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary filesEPSS 1.8%CVE-2025-59419MEDIUMNetty netty-codec-smtp SMTP Command Injection Vulnerability Allowing Email ForgeryEPSS 1.6%CVE-2022-41881MEDIUMNetty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be EPSS 1.5%CVE-2024-29025MEDIUMNetty HttpPostRequestDecoder can OOMEPSS 1.4%CVE-2022-24823MEDIUMLocal Information Disclosure Vulnerability in io.netty:netty-codec-httpEPSS 1.0%CVE-2025-55163HIGHNetty MadeYouReset HTTP/2 DDoS VulnerabilityEPSS 1.0%CVE-2022-41915MEDIUMNetty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, wheEPSS 0.9%CVE-2024-40642HIGHAbsent Input Validation in BinaryHttpParser in the netty incubator codec.bhttp EPSS 0.7%CVE-2026-33871HIGHNetty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame BypassEPSS 0.7%CVE-2025-58056LOWNetty is vulnerable to request smuggling due to incorrect parsing of chunk extensionsEPSS 0.6%CVE-2025-58057MEDIUMNetty's BrotliDecoder is vulnerable to DoS via zip bomb style attackEPSS 0.6%CVE-2026-42587HIGHNetty: HttpContentDecompressor maxAllocation bypass via Content-Encoding: br/zstd/snappy enables decompression bomb DoSEPSS 0.5%CVE-2026-42579HIGHNetty: DNS Codec Input Validation Bypass in Netty (Encoder + Decoder)EPSS 0.5%CVE-2025-29908MEDIUMNetty QUIC hash collision DoS attackEPSS 0.5%CVE-2026-33870HIGHNetty: HTTP Request Smuggling via Chunked Extension Quoted-String ParsingEPSS 0.5%