pkg:Maven/io.netty:netty-codec-http2

6 total CVEsHIGH3MEDIUM3

✅ Check your installed version

All known vulnerabilities

  • MEDIUM5.3CVE-2023-44487⚠ KEVnghttp2 - security update
    from 0, < 4.1.100.Final
  • HIGH7.5CVE-2026-42587Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to br/zstd/snappy leads to decompression bomb DoS
    >= 4.2.0.Alpha1, < 4.2.13.Final
  • HIGH7.5CVE-2026-33871Netty HTTP/2 CONTINUATION Frame Flood DoS via Zero-Byte Frame Bypass
    from 0, < 4.1.132.Final
  • HIGH7.5CVE-2025-55163netty - security update
    >= 4.2.0.Alpha1, < 4.2.4.Final
  • MEDIUM5.9CVE-2021-21409Possible request smuggling in HTTP/2 due missing validation of content-length
    >= 4.0.0, < 4.1.61.Final
  • MEDIUM5.9CVE-2021-21295Possible request smuggling in HTTP/2 due missing validation
    >= 4.0.0, < 4.1.60.Final