pkg:Maven/io.netty:netty-codec-http

All known vulnerabilities

• CRITICAL9.1CVE-2019-20444netty - security update
  from 0, < 4.1.44
• HIGH7.5CVE-2026-42587Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
  >= 4.2.0.Alpha1, < 4.2.13.Final
• HIGH7.5CVE-2026-33870Netty: HTTP Request Smuggling via Chunked Extension Quoted-String Parsing
  from 0, < 4.1.132.Final
• HIGH7.5CVE-2025-58056Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
  from 0, < 4.1.125.Final
• HIGH7.3CVE-2026-42584Netty has HttpClientCodec response desynchronization
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5CVE-2026-42585Netty vulnerable to HTTP Request Smuggling due to malformed Transfer-Encoding
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5CVE-2026-42580Netty vulnerable to HTTP Request Smuggling due to incorrect chunk size parsing
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM6.5CVE-2025-67735Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder
  >= 4.2.0.Alpha1, < 4.2.8.Final
• MEDIUM6.5CVE-2022-41915Netty vulnerable to HTTP Response splitting from assigning header value iterator
  >= 4.1.83.Final, < 4.1.86.Final
• MEDIUM6.5CVE-2021-43797HTTP request smuggling in netty
  >= 4.0.0, < 4.1.71.Final
• MEDIUM6.2CVE-2021-21290Local Information Disclosure Vulnerability in Netty on Unix-Like systems
  >= 4.0.0, < 4.1.59.Final
• MEDIUM5.8CVE-2026-42581Netty HTTP/1.0 TE+CL Coexistence Bypasses Smuggling Sanitization
  >= 4.2.0.Alpha1, < 4.2.13.Final
• MEDIUM5.5CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http
  from 0, < 4.1.77.Final
• MEDIUM5.3CVE-2026-41417Netty: Start-Line Injection in DefaultHttpRequest.setUri() Allows HTTP Request Smuggling and RTSP Request Injection
  from 0, < 4.1.133.Final
• MEDIUM5.3CVE-2024-29025netty - security update
  from 0, < 4.1.108.Final