Io.netty:netty-codec-http
This hub aggregates every CVE we track for Io.netty:netty-codec-http, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
8
CVEs tracked
1
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM6HIGH1CRITICAL1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
1
0
0
1
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 8 most recently published vulnerabilities affecting Io.netty:netty-codec-http.
- CVE-2025-67735Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder6.5
- CVE-2025-58056Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions7.5
- CVE-2024-29025Netty HttpPostRequestDecoder can OOM5.3
- CVE-2022-41915Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and prior to 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of ...6.5
- CVE-2022-24823Local Information Disclosure Vulnerability in io.netty:netty-codec-http5.5
- CVE-2021-43797HTTP fails to validate against control chars in header names which may lead to HTTP request smuggling6.5
- CVE-2021-21290Local Information Disclosure Vulnerability in Netty on Unix-Like systems due temporary files6.2
- CVE-2019-20444HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "inva...9.1
Product normalization is registry-driven with AI assist and human review. How it works