Io.netty Netty-codec-http
4 CVEs affecting Io.netty Netty-codec-http. Latest disclosed: 2026-05-13. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-42587 | High | 7.5 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpContentDecompressor accepts a maxAllocation… |
CVE-2026-42584 | High | 7.3 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, HttpClientCodec pairs each inbound response with… |
CVE-2026-42585 | Medium | 6.5 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty incorrectly parses malformed Transfer-Enco… |
CVE-2026-42580 | Medium | 6.5 | 2026-05-13 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, Netty's chunk size parser silently overflows int… |