Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/io.netty/netty-all@4.1.68.Final
Typemaven
Namespaceio.netty
Namenetty-all
Version4.1.68.Final
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version4.1.94.Final
Latest_non_vulnerable_version4.1.94.Final
Affected_by_vulnerabilities
0
url VCID-8b9g-6r2j-tqhw
vulnerability_id VCID-8b9g-6r2j-tqhw
summary 
Allocation of Resources Without Limits or Throttling
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are not checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-34462.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
reference_id
reference_type
scores
0
value 0.00998
scoring_system epss
scoring_elements 0.77005
published_at 2026-04-18T12:55:00Z
1
value 0.00998
scoring_system epss
scoring_elements 0.77002
published_at 2026-04-16T12:55:00Z
2
value 0.00998
scoring_system epss
scoring_elements 0.76961
published_at 2026-04-13T12:55:00Z
3
value 0.00998
scoring_system epss
scoring_elements 0.76966
published_at 2026-04-12T12:55:00Z
4
value 0.00998
scoring_system epss
scoring_elements 0.76986
published_at 2026-04-11T12:55:00Z
5
value 0.00998
scoring_system epss
scoring_elements 0.76959
published_at 2026-04-09T12:55:00Z
6
value 0.00998
scoring_system epss
scoring_elements 0.76948
published_at 2026-04-08T12:55:00Z
7
value 0.00998
scoring_system epss
scoring_elements 0.76915
published_at 2026-04-07T12:55:00Z
8
value 0.00998
scoring_system epss
scoring_elements 0.76933
published_at 2026-04-04T12:55:00Z
9
value 0.00998
scoring_system epss
scoring_elements 0.76902
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-34462
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34462
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
5
reference_url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/commit/535da17e45201ae4278c0479e6162bb4127d4c32
6
reference_url https://security.netapp.com/advisory/ntap-20230803-0001
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230803-0001
7
reference_url https://security.netapp.com/advisory/ntap-20240621-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240621-0007
8
reference_url https://www.debian.org/security/2023/dsa-5558
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://www.debian.org/security/2023/dsa-5558
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
reference_id 1038947
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038947
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
reference_id 2216888
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2216888
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
reference_id CVE-2023-34462
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-34462
12
reference_url https://github.com/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6mjq-h674-j845
13
reference_url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
reference_id GHSA-6mjq-h674-j845
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
14
reference_url https://security.netapp.com/advisory/ntap-20230803-0001/
reference_id ntap-20230803-0001
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20230803-0001/
15
reference_url https://security.netapp.com/advisory/ntap-20240621-0007/
reference_id ntap-20240621-0007
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T18:36:13Z/
url https://security.netapp.com/advisory/ntap-20240621-0007/
16
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
17
reference_url https://access.redhat.com/errata/RHSA-2023:5441
reference_id RHSA-2023:5441
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5441
18
reference_url https://access.redhat.com/errata/RHSA-2023:5946
reference_id RHSA-2023:5946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5946
19
reference_url https://access.redhat.com/errata/RHSA-2023:7669
reference_id RHSA-2023:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7669
20
reference_url https://access.redhat.com/errata/RHSA-2023:7697
reference_id RHSA-2023:7697
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7697
21
reference_url https://access.redhat.com/errata/RHSA-2024:0148
reference_id RHSA-2024:0148
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:0148
22
reference_url https://usn.ubuntu.com/6994-1/
reference_id USN-6994-1
reference_type
scores
url https://usn.ubuntu.com/6994-1/
fixed_packages
0
url pkg:maven/io.netty/netty-all@4.1.94.Final
purl pkg:maven/io.netty/netty-all@4.1.94.Final
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.94.Final
aliases CVE-2023-34462, GHSA-6mjq-h674-j845
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8b9g-6r2j-tqhw
1
url VCID-qruf-r6dc-3ugj
vulnerability_id VCID-qruf-r6dc-3ugj
summary 
HAProxyMessageDecoder Stack Exhaustion DoS
### Impact
A StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion.

### Patches
Users should upgrade to 4.1.86.Final.

### Workarounds
There is no workaround, except using a custom HaProxyMessageDecoder.

### References
When parsing a TLV with type = PP2_TYPE_SSL, the value can be again a TLV with type = PP2_TYPE_SSL and so on.
The only limitation of the recursion is that the TLV length cannot be bigger than 0xffff because it is encoded in an unsigned short type.
Providing a TLV with a nesting level that is large enough will lead to raising of a StackOverflowError.
The StackOverflowError will be caught if HAProxyMessageDecoder is used as part of Netty’s ChannelPipeline, but using it directly without the ChannelPipeline will lead to a thrown exception / crash.


### For more information
If you have any questions or comments about this advisory:
* Open an issue in [netty](https://github.com/netty/netty)
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41881.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
reference_id
reference_type
scores
0
value 0.00138
scoring_system epss
scoring_elements 0.33827
published_at 2026-04-18T12:55:00Z
1
value 0.00138
scoring_system epss
scoring_elements 0.3384
published_at 2026-04-16T12:55:00Z
2
value 0.00138
scoring_system epss
scoring_elements 0.33802
published_at 2026-04-13T12:55:00Z
3
value 0.00138
scoring_system epss
scoring_elements 0.33826
published_at 2026-04-12T12:55:00Z
4
value 0.00138
scoring_system epss
scoring_elements 0.33868
published_at 2026-04-11T12:55:00Z
5
value 0.00138
scoring_system epss
scoring_elements 0.3387
published_at 2026-04-09T12:55:00Z
6
value 0.00138
scoring_system epss
scoring_elements 0.33838
published_at 2026-04-08T12:55:00Z
7
value 0.00138
scoring_system epss
scoring_elements 0.33796
published_at 2026-04-07T12:55:00Z
8
value 0.00138
scoring_system epss
scoring_elements 0.33942
published_at 2026-04-04T12:55:00Z
9
value 0.00138
scoring_system epss
scoring_elements 0.33911
published_at 2026-04-02T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-41881
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-fx2c-96vj-985v
10
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
11
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-41881
12
reference_url https://security.netapp.com/advisory/ntap-20230113-0004
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230113-0004
13
reference_url https://security.netapp.com/advisory/ntap-20230113-0004/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20230113-0004/
14
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
15
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
reference_id 1027180
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1027180
16
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
reference_id 2153379
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2153379
17
reference_url https://github.com/advisories/GHSA-fx2c-96vj-985v
reference_id GHSA-fx2c-96vj-985v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx2c-96vj-985v
18
reference_url https://access.redhat.com/errata/RHSA-2023:0577
reference_id RHSA-2023:0577
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0577
19
reference_url https://access.redhat.com/errata/RHSA-2023:0713
reference_id RHSA-2023:0713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0713
20
reference_url https://access.redhat.com/errata/RHSA-2023:0758
reference_id RHSA-2023:0758
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0758
21
reference_url https://access.redhat.com/errata/RHSA-2023:0888
reference_id RHSA-2023:0888
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:0888
22
reference_url https://access.redhat.com/errata/RHSA-2023:2100
reference_id RHSA-2023:2100
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2100
23
reference_url https://access.redhat.com/errata/RHSA-2023:2705
reference_id RHSA-2023:2705
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2705
24
reference_url https://access.redhat.com/errata/RHSA-2023:2706
reference_id RHSA-2023:2706
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2706
25
reference_url https://access.redhat.com/errata/RHSA-2023:2707
reference_id RHSA-2023:2707
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2707
26
reference_url https://access.redhat.com/errata/RHSA-2023:2710
reference_id RHSA-2023:2710
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2710
27
reference_url https://access.redhat.com/errata/RHSA-2023:2713
reference_id RHSA-2023:2713
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:2713
28
reference_url https://access.redhat.com/errata/RHSA-2023:3373
reference_id RHSA-2023:3373
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3373
29
reference_url https://access.redhat.com/errata/RHSA-2023:3374
reference_id RHSA-2023:3374
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3374
30
reference_url https://access.redhat.com/errata/RHSA-2023:4627
reference_id RHSA-2023:4627
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:4627
31
reference_url https://access.redhat.com/errata/RHSA-2025:1746
reference_id RHSA-2025:1746
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1746
32
reference_url https://access.redhat.com/errata/RHSA-2025:1747
reference_id RHSA-2025:1747
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:1747
33
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:maven/io.netty/netty-all@4.1.86
purl pkg:maven/io.netty/netty-all@4.1.86
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.86
1
url pkg:maven/io.netty/netty-all@4.1.86.Final
purl pkg:maven/io.netty/netty-all@4.1.86.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8b9g-6r2j-tqhw
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.86.Final
aliases CVE-2022-41881, GHSA-fx2c-96vj-985v
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qruf-r6dc-3ugj
Fixing_vulnerabilities
0
url VCID-xyc4-63ra-mfh2
vulnerability_id VCID-xyc4-63ra-mfh2
summary 
Uncontrolled Resource Consumption
The Bzip2 decompression decoder function does not allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37136.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-37136.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-37136
reference_id
reference_type
scores
0
value 0.01187
scoring_system epss
scoring_elements 0.78826
published_at 2026-04-18T12:55:00Z
1
value 0.01187
scoring_system epss
scoring_elements 0.78829
published_at 2026-04-16T12:55:00Z
2
value 0.01187
scoring_system epss
scoring_elements 0.78801
published_at 2026-04-13T12:55:00Z
3
value 0.01187
scoring_system epss
scoring_elements 0.7881
published_at 2026-04-12T12:55:00Z
4
value 0.01187
scoring_system epss
scoring_elements 0.78827
published_at 2026-04-11T12:55:00Z
5
value 0.01187
scoring_system epss
scoring_elements 0.78804
published_at 2026-04-09T12:55:00Z
6
value 0.01187
scoring_system epss
scoring_elements 0.78796
published_at 2026-04-08T12:55:00Z
7
value 0.01187
scoring_system epss
scoring_elements 0.78771
published_at 2026-04-07T12:55:00Z
8
value 0.01187
scoring_system epss
scoring_elements 0.78788
published_at 2026-04-04T12:55:00Z
9
value 0.01187
scoring_system epss
scoring_elements 0.78757
published_at 2026-04-02T12:55:00Z
10
value 0.01187
scoring_system epss
scoring_elements 0.7875
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-37136
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881
6
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915
7
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
8
reference_url https://github.com/netty/netty
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty
9
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L294
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L294
10
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L305
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L305
11
reference_url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L80
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/blob/4.1/codec/src/main/java/io/netty/handler/codec/compression/Bzip2Decoder.java#L80
12
reference_url https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/commit/41d3d61a61608f2223bb364955ab2045dd5e4020
13
reference_url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d@%3Ccommits.druid.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb@%3Ccommits.druid.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0@%3Ccommits.druid.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16@%3Ccommits.druid.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e@%3Cdev.tinkerpop.apache.org%3E
19
reference_url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html
20
reference_url https://security.netapp.com/advisory/ntap-20220210-0012
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220210-0012
21
reference_url https://security.netapp.com/advisory/ntap-20220210-0012/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220210-0012/
22
reference_url https://www.debian.org/security/2023/dsa-5316
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.debian.org/security/2023/dsa-5316
23
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com/security-alerts/cpujul2022.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujul2022.html
26
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
reference_id 1014769
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014769
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2004133
reference_id 2004133
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2004133
28
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-37136
reference_id CVE-2021-37136
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-37136
29
reference_url https://github.com/advisories/GHSA-grg4-wf29-r9vv
reference_id GHSA-grg4-wf29-r9vv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-grg4-wf29-r9vv
30
reference_url https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
reference_id GHSA-grg4-wf29-r9vv
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
31
reference_url https://access.redhat.com/errata/RHSA-2021:3959
reference_id RHSA-2021:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:3959
32
reference_url https://access.redhat.com/errata/RHSA-2021:4851
reference_id RHSA-2021:4851
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:4851
33
reference_url https://access.redhat.com/errata/RHSA-2021:5127
reference_id RHSA-2021:5127
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5127
34
reference_url https://access.redhat.com/errata/RHSA-2021:5128
reference_id RHSA-2021:5128
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5128
35
reference_url https://access.redhat.com/errata/RHSA-2021:5129
reference_id RHSA-2021:5129
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5129
36
reference_url https://access.redhat.com/errata/RHSA-2021:5134
reference_id RHSA-2021:5134
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:5134
37
reference_url https://access.redhat.com/errata/RHSA-2022:0138
reference_id RHSA-2022:0138
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0138
38
reference_url https://access.redhat.com/errata/RHSA-2022:0520
reference_id RHSA-2022:0520
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0520
39
reference_url https://access.redhat.com/errata/RHSA-2022:0589
reference_id RHSA-2022:0589
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:0589
40
reference_url https://access.redhat.com/errata/RHSA-2022:1013
reference_id RHSA-2022:1013
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:1013
41
reference_url https://access.redhat.com/errata/RHSA-2022:2216
reference_id RHSA-2022:2216
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2216
42
reference_url https://access.redhat.com/errata/RHSA-2022:2217
reference_id RHSA-2022:2217
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2217
43
reference_url https://access.redhat.com/errata/RHSA-2022:2218
reference_id RHSA-2022:2218
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:2218
44
reference_url https://access.redhat.com/errata/RHSA-2022:4918
reference_id RHSA-2022:4918
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4918
45
reference_url https://access.redhat.com/errata/RHSA-2022:4919
reference_id RHSA-2022:4919
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4919
46
reference_url https://access.redhat.com/errata/RHSA-2022:4922
reference_id RHSA-2022:4922
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:4922
47
reference_url https://access.redhat.com/errata/RHSA-2022:5903
reference_id RHSA-2022:5903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:5903
48
reference_url https://access.redhat.com/errata/RHSA-2022:6835
reference_id RHSA-2022:6835
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:6835
49
reference_url https://access.redhat.com/errata/RHSA-2022:8506
reference_id RHSA-2022:8506
reference_type
scores
url https://access.redhat.com/errata/RHSA-2022:8506
50
reference_url https://access.redhat.com/errata/RHSA-2023:3223
reference_id RHSA-2023:3223
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:3223
51
reference_url https://access.redhat.com/errata/RHSA-2023:5165
reference_id RHSA-2023:5165
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:5165
52
reference_url https://usn.ubuntu.com/6049-1/
reference_id USN-6049-1
reference_type
scores
url https://usn.ubuntu.com/6049-1/
fixed_packages
0
url pkg:maven/io.netty/netty-all@4.1.68
purl pkg:maven/io.netty/netty-all@4.1.68
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.68
1
url pkg:maven/io.netty/netty-all@4.1.68.Final
purl pkg:maven/io.netty/netty-all@4.1.68.Final
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8b9g-6r2j-tqhw
1
vulnerability VCID-qruf-r6dc-3ugj
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.68.Final
aliases CVE-2021-37136, GHSA-grg4-wf29-r9vv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xyc4-63ra-mfh2
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-all@4.1.68.Final