Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.netty/netty-codec-http@4.1.48.Final
Typemaven
Namespaceio.netty
Namenetty-codec-http
Version4.1.48.Final
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.125.Final
Latest_non_vulnerable_version4.2.10.Final
Affected_by_vulnerabilities
0
url VCID-e92u-331h-bkcb
vulnerability_id VCID-e92u-331h-bkcb
summary This advisory has been marked as False Positive and moved to `netty-codec-http`, `netty-handler` and `netty-common`.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-21290
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07232
published_at 2026-04-18T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07236
published_at 2026-04-16T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07306
published_at 2026-04-13T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07316
published_at 2026-04-12T12:55:00Z
4
value 0.00026
scoring_system epss
scoring_elements 0.07329
published_at 2026-04-11T12:55:00Z
5
value 0.00026
scoring_system epss
scoring_elements 0.0733
published_at 2026-04-09T12:55:00Z
6
value 0.00026
scoring_system epss
scoring_elements 0.07303
published_at 2026-04-08T12:55:00Z
7
value 0.00026
scoring_system epss
scoring_elements 0.07248
published_at 2026-04-07T12:55:00Z
8
value 0.00026
scoring_system epss
scoring_elements 0.07271
published_at 2026-04-04T12:55:00Z
9
value 0.00026
scoring_system epss
scoring_elements 0.07226
published_at 2026-04-02T12:55:00Z
10
value 0.00026
scoring_system epss
scoring_elements 0.07106
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-21290
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290
7
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295
8
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409
9
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
10
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
11
reference_url https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec
12
reference_url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2
13
reference_url https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E
19
reference_url https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E
20
reference_url https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E
21
reference_url https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E
22
reference_url https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E
23
reference_url https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E
24
reference_url https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E
25
reference_url https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E
26
reference_url https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E
27
reference_url https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E
28
reference_url https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E
29
reference_url https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E
30
reference_url https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E
31
reference_url https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E
32
reference_url https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E
33
reference_url https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E
34
reference_url https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E
35
reference_url https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E
36
reference_url https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E
37
reference_url https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E
38
reference_url https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E
39
reference_url https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E
40
reference_url https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E
41
reference_url https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E
42
reference_url https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E
43
reference_url https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html
44
reference_url https://security.netapp.com/advisory/ntap-20220210-0011
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0011
45
reference_url https://security.netapp.com/advisory/ntap-20220210-0011/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0011/
46
reference_url https://www.debian.org/security/2021/dsa-4885
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2021/dsa-4885
47
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
48
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
49
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
50
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
51
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1927028
reference_id 1927028
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1927028
52
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580
reference_id 982580
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580
53
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-21290
reference_id CVE-2021-21290
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-21290
54
reference_url https://github.com/advisories/GHSA-5mcr-gq6c-3hq2
reference_id GHSA-5mcr-gq6c-3hq2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5mcr-gq6c-3hq2
55
reference_url https://access.redhat.com/errata/RHSA-2021:0943
reference_id RHSA-2021:0943
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0943
56
reference_url https://access.redhat.com/errata/RHSA-2021:0986
reference_id RHSA-2021:0986
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0986
57
reference_url https://access.redhat.com/errata/RHSA-2021:1511
reference_id RHSA-2021:1511
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:1511
58
reference_url https://access.redhat.com/errata/RHSA-2021:2046
reference_id RHSA-2021:2046
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2046
59
reference_url https://access.redhat.com/errata/RHSA-2021:2047
reference_id RHSA-2021:2047
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2047
60
reference_url https://access.redhat.com/errata/RHSA-2021:2048
reference_id RHSA-2021:2048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2048
61
reference_url https://access.redhat.com/errata/RHSA-2021:2051
reference_id RHSA-2021:2051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2051
62
reference_url https://access.redhat.com/errata/RHSA-2021:2070
reference_id RHSA-2021:2070
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2070
63
reference_url https://access.redhat.com/errata/RHSA-2021:2139
reference_id RHSA-2021:2139
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2139
64
reference_url https://access.redhat.com/errata/RHSA-2021:2210
reference_id RHSA-2021:2210
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2210
65
reference_url https://access.redhat.com/errata/RHSA-2021:2689
reference_id RHSA-2021:2689
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2689
66
reference_url https://access.redhat.com/errata/RHSA-2021:2755
reference_id RHSA-2021:2755
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:2755
67
reference_url https://access.redhat.com/errata/RHSA-2021:3225
reference_id RHSA-2021:3225
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3225
68
reference_url https://access.redhat.com/errata/RHSA-2021:3700
reference_id RHSA-2021:3700
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3700
69
reference_url https://access.redhat.com/errata/RHSA-2021:3880
reference_id RHSA-2021:3880
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3880
70
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
71
reference_url https://access.redhat.com/errata/RHSA-2022:0190
reference_id RHSA-2022:0190
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0190
72
reference_url https://access.redhat.com/errata/RHSA-2022:1108
reference_id RHSA-2022:1108
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1108
73
reference_url https://access.redhat.com/errata/RHSA-2022:1110
reference_id RHSA-2022:1110
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1110
74
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
75
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:maven/io.netty/netty-codec-http@4.1.59.Final
purl pkg:maven/io.netty/netty-codec-http@4.1.59.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9u5-a8js-hbf2
1
vulnerability VCID-rewk-dvth-tubh
2
vulnerability VCID-swu5-a9h5-ffex
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.59.Final
aliases CVE-2021-21290, GHSA-5mcr-gq6c-3hq2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e92u-331h-bkcb
1
url VCID-n9u5-a8js-hbf2
vulnerability_id VCID-n9u5-a8js-hbf2
summary 
Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions
## Summary
A flaw in netty's parsing of chunk extensions in HTTP/1.1 messages with chunked encoding can lead to request smuggling issues with some reverse proxies.

## Details
When encountering a newline character (LF) while parsing a chunk extension, netty interprets the newline as the end of the chunk-size line regardless of whether a preceding carriage return (CR) was found. This is in violation of the HTTP 1.1 standard which specifies that the chunk extension is terminated by a CRLF sequence (see the [RFC](https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding)).

This is by itself harmless, but consider an intermediary with a similar parsing flaw: while parsing a chunk extension, the intermediary interprets an LF without a preceding CR as simply part of the chunk extension (this is also in violation of the RFC, because whitespace characters are not allowed in chunk extensions). We can use this discrepancy to construct an HTTP request that the intermediary will interpret as one request but netty will interpret as two (all lines ending with CRLF, notice the LFs in the chunk extension):

```
POST /one HTTP/1.1
Host: localhost:8080
Transfer-Encoding: chunked

48;\nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n0

POST /two HTTP/1.1
Host: localhost:8080
Transfer-Encoding: chunked

0

```

The intermediary will interpret this as a single request. Once forwarded to netty, netty will interpret it as two separate requests. This is a problem, because attackers can then the intermediary, as well as perform standard request smuggling attacks against other live users (see [this Portswigger article](https://portswigger.net/web-security/request-smuggling/exploiting)).

## Impact
This is a request smuggling issue which can be exploited for bypassing front-end access control rules as well as corrupting the responses served to other live clients.

The impact is high, but it only affects setups that use a front-end which:
1. Interprets LF characters (without preceding CR) in chunk extensions as part of the chunk extension.
2. Forwards chunk extensions without normalization.

## Disclosure

 - This vulnerability was disclosed on June 18th, 2025 here: https://w4ke.info/2025/06/18/funky-chunks.html

## Discussion
Discussion for this vulnerability can be found here:
 - https://github.com/netty/netty/issues/15522
 - https://github.com/JLLeitschuh/unCVEed/issues/1

## Credit

 - Credit to @JeppW for uncovering this vulnerability.
 - Credit to @JLLeitschuh at [Socket](https://socket.dev/) for coordinating the vulnerability disclosure.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-58056
reference_id
reference_type
scores
0
value 0.00032
scoring_system epss
scoring_elements 0.09283
published_at 2026-04-02T12:55:00Z
1
value 0.00032
scoring_system epss
scoring_elements 0.09335
published_at 2026-04-04T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11401
published_at 2026-04-11T12:55:00Z
3
value 0.00038
scoring_system epss
scoring_elements 0.11201
published_at 2026-04-18T12:55:00Z
4
value 0.00038
scoring_system epss
scoring_elements 0.11199
published_at 2026-04-16T12:55:00Z
5
value 0.00038
scoring_system epss
scoring_elements 0.11339
published_at 2026-04-13T12:55:00Z
6
value 0.00038
scoring_system epss
scoring_elements 0.11368
published_at 2026-04-12T12:55:00Z
7
value 0.00038
scoring_system epss
scoring_elements 0.11394
published_at 2026-04-09T12:55:00Z
8
value 0.0004
scoring_system epss
scoring_elements 0.12032
published_at 2026-04-08T12:55:00Z
9
value 0.0004
scoring_system epss
scoring_elements 0.1195
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-58056
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056
3
reference_url https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding
4
reference_url https://github.com/github/advisory-database/pull/6092
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/github/advisory-database/pull/6092
5
reference_url https://github.com/JLLeitschuh/unCVEed/issues/1
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://github.com/JLLeitschuh/unCVEed/issues/1
6
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
7
reference_url https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284
8
reference_url https://github.com/netty/netty/issues/15522
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://github.com/netty/netty/issues/15522
9
reference_url https://github.com/netty/netty/pull/15611
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://github.com/netty/netty/pull/15611
10
reference_url https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
reference_id
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-58056
reference_id
reference_type
scores
0
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-58056
12
reference_url https://w4ke.info/2025/06/18/funky-chunks.html
reference_id
reference_type
scores
0
value 2.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/
url https://w4ke.info/2025/06/18/funky-chunks.html
13
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995
reference_id 1113995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995
14
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2392996
reference_id 2392996
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2392996
15
reference_url https://github.com/advisories/GHSA-fghv-69vj-qj49
reference_id GHSA-fghv-69vj-qj49
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fghv-69vj-qj49
16
reference_url https://access.redhat.com/errata/RHSA-2025:17187
reference_id RHSA-2025:17187
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17187
17
reference_url https://access.redhat.com/errata/RHSA-2025:17298
reference_id RHSA-2025:17298
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17298
18
reference_url https://access.redhat.com/errata/RHSA-2025:17299
reference_id RHSA-2025:17299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17299
19
reference_url https://access.redhat.com/errata/RHSA-2025:17317
reference_id RHSA-2025:17317
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17317
20
reference_url https://access.redhat.com/errata/RHSA-2025:17318
reference_id RHSA-2025:17318
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17318
21
reference_url https://access.redhat.com/errata/RHSA-2025:17563
reference_id RHSA-2025:17563
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17563
22
reference_url https://access.redhat.com/errata/RHSA-2025:17567
reference_id RHSA-2025:17567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17567
23
reference_url https://access.redhat.com/errata/RHSA-2025:18028
reference_id RHSA-2025:18028
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18028
24
reference_url https://access.redhat.com/errata/RHSA-2025:18076
reference_id RHSA-2025:18076
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18076
25
reference_url https://access.redhat.com/errata/RHSA-2025:21148
reference_id RHSA-2025:21148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:21148
26
reference_url https://access.redhat.com/errata/RHSA-2026:3102
reference_id RHSA-2026:3102
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3102
27
reference_url https://usn.ubuntu.com/7918-1/
reference_id USN-7918-1
reference_type
scores
url https://usn.ubuntu.com/7918-1/
fixed_packages
0
url pkg:maven/io.netty/netty-codec-http@4.1.125.Final
purl pkg:maven/io.netty/netty-codec-http@4.1.125.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.125.Final
1
url pkg:maven/io.netty/netty-codec-http@4.2.5.Final
purl pkg:maven/io.netty/netty-codec-http@4.2.5.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.5.Final
aliases CVE-2025-58056, GHSA-fghv-69vj-qj49
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n9u5-a8js-hbf2
2
url VCID-rewk-dvth-tubh
vulnerability_id VCID-rewk-dvth-tubh
summary 
Netty's HttpPostRequestDecoder can OOM
### Summary
The `HttpPostRequestDecoder` can be tricked to accumulate data. I have spotted currently two attack vectors 

### Details
1. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list.
2. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits

### PoC

Here is a Netty branch that provides a fix + tests : https://github.com/vietj/netty/tree/post-request-decoder


Here is a reproducer with Vert.x (which uses this decoder) https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3

### Impact
Any Netty based HTTP server that uses the `HttpPostRequestDecoder` to decode a form.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29025
reference_id
reference_type
scores
0
value 0.00261
scoring_system epss
scoring_elements 0.49434
published_at 2026-04-04T12:55:00Z
1
value 0.00261
scoring_system epss
scoring_elements 0.49407
published_at 2026-04-02T12:55:00Z
2
value 0.00261
scoring_system epss
scoring_elements 0.49442
published_at 2026-04-08T12:55:00Z
3
value 0.00261
scoring_system epss
scoring_elements 0.49387
published_at 2026-04-07T12:55:00Z
4
value 0.00268
scoring_system epss
scoring_elements 0.50306
published_at 2026-04-11T12:55:00Z
5
value 0.00268
scoring_system epss
scoring_elements 0.50278
published_at 2026-04-09T12:55:00Z
6
value 0.00268
scoring_system epss
scoring_elements 0.50279
published_at 2026-04-12T12:55:00Z
7
value 0.00324
scoring_system epss
scoring_elements 0.55529
published_at 2026-04-18T12:55:00Z
8
value 0.00324
scoring_system epss
scoring_elements 0.55525
published_at 2026-04-16T12:55:00Z
9
value 0.00324
scoring_system epss
scoring_elements 0.55489
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3
5
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
6
reference_url https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c
7
reference_url https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v
8
reference_url https://github.com/vietj/netty/tree/post-request-decoder
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vietj/netty/tree/post-request-decoder
9
reference_url https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/
url https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29025
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29025
11
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110
reference_id 1068110
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110
12
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2272907
reference_id 2272907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2272907
13
reference_url https://github.com/advisories/GHSA-5jpm-x58v-624v
reference_id GHSA-5jpm-x58v-624v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5jpm-x58v-624v
14
reference_url https://access.redhat.com/errata/RHSA-2024:3550
reference_id RHSA-2024:3550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3550
15
reference_url https://access.redhat.com/errata/RHSA-2024:4460
reference_id RHSA-2024:4460
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4460
16
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
17
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
18
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
19
reference_url https://access.redhat.com/errata/RHSA-2024:6657
reference_id RHSA-2024:6657
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6657
20
reference_url https://usn.ubuntu.com/7284-1/
reference_id USN-7284-1
reference_type
scores
url https://usn.ubuntu.com/7284-1/
fixed_packages
0
url pkg:maven/io.netty/netty-codec-http@4.1.108.Final
purl pkg:maven/io.netty/netty-codec-http@4.1.108.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9u5-a8js-hbf2
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.108.Final
aliases CVE-2024-29025, GHSA-5jpm-x58v-624v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rewk-dvth-tubh
3
url VCID-swu5-a9h5-ffex
vulnerability_id VCID-swu5-a9h5-ffex
summary 
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
This CVE has been marked as a False Positive and has been removed.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
reference_id
reference_type
scores
0
value 0.00381
scoring_system epss
scoring_elements 0.59596
published_at 2026-04-18T12:55:00Z
1
value 0.00381
scoring_system epss
scoring_elements 0.59589
published_at 2026-04-16T12:55:00Z
2
value 0.00381
scoring_system epss
scoring_elements 0.59556
published_at 2026-04-13T12:55:00Z
3
value 0.00381
scoring_system epss
scoring_elements 0.59575
published_at 2026-04-12T12:55:00Z
4
value 0.00381
scoring_system epss
scoring_elements 0.59592
published_at 2026-04-11T12:55:00Z
5
value 0.00381
scoring_system epss
scoring_elements 0.59573
published_at 2026-04-09T12:55:00Z
6
value 0.00381
scoring_system epss
scoring_elements 0.59509
published_at 2026-04-07T12:55:00Z
7
value 0.00381
scoring_system epss
scoring_elements 0.59541
published_at 2026-04-04T12:55:00Z
8
value 0.00381
scoring_system epss
scoring_elements 0.59515
published_at 2026-04-02T12:55:00Z
9
value 0.00381
scoring_system epss
scoring_elements 0.59561
published_at 2026-04-08T12:55:00Z
10
value 0.00381
scoring_system epss
scoring_elements 0.59443
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-43797
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323
10
reference_url https://github.com/netty/netty/pull/11891
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/pull/11891
11
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
12
reference_url https://security.netapp.com/advisory/ntap-20220107-0003
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220107-0003
13
reference_url https://security.netapp.com/advisory/ntap-20220107-0003/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220107-0003/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
16
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
17
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
reference_id 1001437
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437
18
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
reference_id 2031958
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2031958
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
reference_id CVE-2021-43797
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-43797
20
reference_url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wx5j-54mm-rqqq
21
reference_url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
reference_id GHSA-wx5j-54mm-rqqq
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq
22
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
23
reference_url https://access.redhat.com/errata/RHSA-2022:1345
reference_id RHSA-2022:1345
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1345
24
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
25
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
26
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
27
reference_url https://access.redhat.com/errata/RHSA-2022:4623
reference_id RHSA-2022:4623
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4623
28
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
29
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
30
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
31
reference_url https://access.redhat.com/errata/RHSA-2022:5101
reference_id RHSA-2022:5101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5101
32
reference_url https://access.redhat.com/errata/RHSA-2022:5498
reference_id RHSA-2022:5498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5498
33
reference_url https://access.redhat.com/errata/RHSA-2022:5532
reference_id RHSA-2022:5532
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5532
34
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
35
reference_url https://access.redhat.com/errata/RHSA-2022:6782
reference_id RHSA-2022:6782
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6782
36
reference_url https://access.redhat.com/errata/RHSA-2022:6783
reference_id RHSA-2022:6783
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6783
37
reference_url https://access.redhat.com/errata/RHSA-2022:6787
reference_id RHSA-2022:6787
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6787
38
reference_url https://access.redhat.com/errata/RHSA-2022:7409
reference_id RHSA-2022:7409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7409
39
reference_url https://access.redhat.com/errata/RHSA-2022:7410
reference_id RHSA-2022:7410
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7410
40
reference_url https://access.redhat.com/errata/RHSA-2022:7411
reference_id RHSA-2022:7411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7411
41
reference_url https://access.redhat.com/errata/RHSA-2022:7417
reference_id RHSA-2022:7417
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:7417
42
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:maven/io.netty/netty-codec-http@4.1.71
purl pkg:maven/io.netty/netty-codec-http@4.1.71
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.71
1
url pkg:maven/io.netty/netty-codec-http@4.1.71.Final
purl pkg:maven/io.netty/netty-codec-http@4.1.71.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-n9u5-a8js-hbf2
1
vulnerability VCID-rewk-dvth-tubh
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.71.Final
aliases CVE-2021-43797, GHSA-wx5j-54mm-rqqq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-swu5-a9h5-ffex
Fixing_vulnerabilities
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.48.Final