Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/484530?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/484530?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.53.Final", "type": "maven", "namespace": "io.netty", "name": "netty-codec-http", "version": "4.1.53.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.133.Final", "latest_non_vulnerable_version": "4.2.13.Final", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28683?format=api", "vulnerability_id": "VCID-1e5n-j1mz-bkdp", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.041", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04089", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04082", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.0486", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914", "reference_id": "1139914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477214", "reference_id": "2477214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477214" }, { "reference_url": "https://github.com/advisories/GHSA-m4cv-j2px-7723", "reference_id": "GHSA-m4cv-j2px-7723", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4cv-j2px-7723" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723", "reference_id": "GHSA-m4cv-j2px-7723", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:21:08Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42580", "GHSA-m4cv-j2px-7723" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1e5n-j1mz-bkdp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9012?format=api", "vulnerability_id": "VCID-4e1q-2s61-ckg9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-21290.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21290", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07231", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07197", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07239", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07232", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-21290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20445" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11612" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7238" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21409" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec" }, { "reference_url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f@%3Cdev.ranger.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904@%3Cdev.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020@%3Cdev.tinkerpop.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29@%3Cusers.activemq.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214@%3Ccommits.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f@%3Ccommits.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12@%3Cdev.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890@%3Cissues.bookkeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5@%3Cdev.ranger.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4@%3Cdev.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528@%3Cissues.zookeeper.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21290" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220210-0011" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220210-0011/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220210-0011/" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4885", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2021/dsa-4885" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028", "reference_id": "1927028", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1927028" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580", "reference_id": "982580", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982580" }, { "reference_url": "https://github.com/advisories/GHSA-5mcr-gq6c-3hq2", "reference_id": "GHSA-5mcr-gq6c-3hq2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5mcr-gq6c-3hq2" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2", "reference_id": "GHSA-5mcr-gq6c-3hq2", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0943", "reference_id": "RHSA-2021:0943", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0943" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0986", "reference_id": "RHSA-2021:0986", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1511", "reference_id": "RHSA-2021:1511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2046", "reference_id": "RHSA-2021:2046", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2047", "reference_id": "RHSA-2021:2047", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2047" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2048", "reference_id": "RHSA-2021:2048", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2048" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2051", "reference_id": "RHSA-2021:2051", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2051" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2070", "reference_id": "RHSA-2021:2070", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2070" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2139", "reference_id": "RHSA-2021:2139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2139" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210", "reference_id": "RHSA-2021:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2689", "reference_id": "RHSA-2021:2689", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2689" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755", "reference_id": "RHSA-2021:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3225", "reference_id": "RHSA-2021:3225", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3225" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3700", "reference_id": "RHSA-2021:3700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3880", "reference_id": "RHSA-2021:3880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5134", "reference_id": "RHSA-2021:5134", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5134" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0190", "reference_id": "RHSA-2022:0190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1108", "reference_id": "RHSA-2022:1108", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1108" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1110", "reference_id": "RHSA-2022:1110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://usn.ubuntu.com/6049-1/", "reference_id": "USN-6049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6049-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/382780?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.59.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-7t77-fbgp-dqhg" }, { "vulnerability": "VCID-927x-629d-tba4" }, { "vulnerability": "VCID-c8j1-p9ec-gyds" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" }, { "vulnerability": "VCID-w86r-pvjq-57cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.59.Final" } ], "aliases": [ "CVE-2021-21290", "GHSA-5mcr-gq6c-3hq2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1q-2s61-ckg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28688?format=api", "vulnerability_id": "VCID-67qx-dgmf-cyfw", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01685", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01679", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01682", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02048", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914", "reference_id": "1139914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477227", "reference_id": "2477227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477227" }, { "reference_url": "https://github.com/advisories/GHSA-38f8-5428-x5cv", "reference_id": "GHSA-38f8-5428-x5cv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38f8-5428-x5cv" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv", "reference_id": "GHSA-38f8-5428-x5cv", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:33:59Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv" }, { "reference_url": "https://usn.ubuntu.com/8401-1/", "reference_id": "USN-8401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42585", "GHSA-38f8-5428-x5cv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-67qx-dgmf-cyfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10213?format=api", "vulnerability_id": "VCID-7t77-fbgp-dqhg", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43797.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43797", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.60072", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.60076", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.60084", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00381", "scoring_system": "epss", "scoring_elements": "0.59964", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43797" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41881" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/commit/07aa6b5938a8b6ed7a6586e066400e2643897323" }, { "reference_url": "https://github.com/netty/netty/pull/11891", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/pull/11891" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220107-0003", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20220107-0003" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220107-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20220107-0003/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5316", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2023/dsa-5316" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437", "reference_id": "1001437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001437" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958", "reference_id": "2031958", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2031958" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797", "reference_id": "CVE-2021-43797", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43797" }, { "reference_url": "https://github.com/advisories/GHSA-wx5j-54mm-rqqq", "reference_id": "GHSA-wx5j-54mm-rqqq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wx5j-54mm-rqqq" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq", "reference_id": "GHSA-wx5j-54mm-rqqq", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-wx5j-54mm-rqqq" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0520", "reference_id": "RHSA-2022:0520", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0520" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1345", "reference_id": "RHSA-2022:1345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2216", "reference_id": "RHSA-2022:2216", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2216" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2217", "reference_id": "RHSA-2022:2217", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:2218", "reference_id": "RHSA-2022:2218", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:2218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4623", "reference_id": "RHSA-2022:4623", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4623" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4918", "reference_id": "RHSA-2022:4918", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4918" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4919", "reference_id": "RHSA-2022:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:4922", "reference_id": "RHSA-2022:4922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:4922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5101", "reference_id": "RHSA-2022:5101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5101" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5498", "reference_id": "RHSA-2022:5498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5532", "reference_id": "RHSA-2022:5532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5903", "reference_id": "RHSA-2022:5903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6782", "reference_id": "RHSA-2022:6782", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6782" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6783", "reference_id": "RHSA-2022:6783", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6783" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6787", "reference_id": "RHSA-2022:6787", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6787" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7409", "reference_id": "RHSA-2022:7409", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7410", "reference_id": "RHSA-2022:7410", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7411", "reference_id": "RHSA-2022:7411", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7411" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7417", "reference_id": "RHSA-2022:7417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7417" }, { "reference_url": "https://usn.ubuntu.com/6049-1/", "reference_id": "USN-6049-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6049-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/18241?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.71.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-927x-629d-tba4" }, { "vulnerability": "VCID-c8j1-p9ec-gyds" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" }, { "vulnerability": "VCID-w86r-pvjq-57cf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.71.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/391959?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.71", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.71" } ], "aliases": [ "CVE-2021-43797", "GHSA-wx5j-54mm-rqqq" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7t77-fbgp-dqhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28280?format=api", "vulnerability_id": "VCID-927x-629d-tba4", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08405", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08444", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0845", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08446", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229", "reference_id": "1132229", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453", "reference_id": "2452453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453" }, { "reference_url": "https://w4ke.info/2025/10/29/funky-chunks-2.html", "reference_id": "funky-chunks-2.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html" }, { "reference_url": "https://w4ke.info/2025/06/18/funky-chunks.html", "reference_id": "funky-chunks.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/06/18/funky-chunks.html" }, { "reference_url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "GHSA-pwqr-wmgm-9rr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "GHSA-pwqr-wmgm-9rr8", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110", "reference_id": "rfc9110", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13571", "reference_id": "RHSA-2026:13571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14272", "reference_id": "RHSA-2026:14272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14276", "reference_id": "RHSA-2026:14276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17668", "reference_id": "RHSA-2026:17668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17789", "reference_id": "RHSA-2026:17789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18054", "reference_id": "RHSA-2026:18054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18055", "reference_id": "RHSA-2026:18055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18059", "reference_id": "RHSA-2026:18059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22619", "reference_id": "RHSA-2026:22619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7109", "reference_id": "RHSA-2026:7109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7380", "reference_id": "RHSA-2026:7380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8159", "reference_id": "RHSA-2026:8159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8509", "reference_id": "RHSA-2026:8509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8509" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374764?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.132.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.132.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/374765?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.10.Final" } ], "aliases": [ "CVE-2026-33870", "GHSA-pwqr-wmgm-9rr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-927x-629d-tba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93824?format=api", "vulnerability_id": "VCID-c8j1-p9ec-gyds", "summary": "Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26956", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26757", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26958", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26973", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056" }, { "reference_url": "https://github.com/github/advisory-database/pull/6092", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/6092" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056" }, { "reference_url": "https://github.com/JLLeitschuh/unCVEed/issues/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/JLLeitschuh/unCVEed/issues/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995", "reference_id": "1113995", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995" }, { "reference_url": "https://github.com/netty/netty/issues/15522", "reference_id": "15522", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/issues/15522" }, { "reference_url": "https://github.com/netty/netty/pull/15611", "reference_id": "15611", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/pull/15611" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996", "reference_id": "2392996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996" }, { "reference_url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284", "reference_id": "edb55fd8e0a3bcbd85881e423464f585183d1284", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284" }, { "reference_url": "https://w4ke.info/2025/06/18/funky-chunks.html", "reference_id": "funky-chunks.html", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://w4ke.info/2025/06/18/funky-chunks.html" }, { "reference_url": "https://github.com/advisories/GHSA-fghv-69vj-qj49", "reference_id": "GHSA-fghv-69vj-qj49", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fghv-69vj-qj49" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49", "reference_id": "GHSA-fghv-69vj-qj49", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding", "reference_id": "rfc9112#name-chunked-transfer-coding", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17187", "reference_id": "RHSA-2025:17187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17298", "reference_id": "RHSA-2025:17298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17299", "reference_id": "RHSA-2025:17299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17317", "reference_id": "RHSA-2025:17317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17318", "reference_id": "RHSA-2025:17318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17563", "reference_id": "RHSA-2025:17563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17567", "reference_id": "RHSA-2025:17567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18028", "reference_id": "RHSA-2025:18028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18076", "reference_id": "RHSA-2025:18076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21148", "reference_id": "RHSA-2025:21148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:23417", "reference_id": "RHSA-2025:23417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:23417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3102", "reference_id": "RHSA-2026:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3102" }, { "reference_url": "https://usn.ubuntu.com/7918-1/", "reference_id": "USN-7918-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7918-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/376661?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.125.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-927x-629d-tba4" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.125.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/376662?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-927x-629d-tba4" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.5.Final" } ], "aliases": [ "CVE-2025-58056", "GHSA-fghv-69vj-qj49" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c8j1-p9ec-gyds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28601?format=api", "vulnerability_id": "VCID-e2s5-my34-4fbm", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06244", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06215", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06232", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06222", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023", "reference_id": "1136023", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540", "reference_id": "2467540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540" }, { "reference_url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "GHSA-v8h7-rr48-vmmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "GHSA-v8h7-rr48-vmmv", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:21Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-41417", "GHSA-v8h7-rr48-vmmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2s5-my34-4fbm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28684?format=api", "vulnerability_id": "VCID-jbav-4q5e-3bf3", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.045", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04484", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04498", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05304", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914", "reference_id": "1139914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232", "reference_id": "2477232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232" }, { "reference_url": "https://github.com/advisories/GHSA-xxqh-mfjm-7mv9", "reference_id": "GHSA-xxqh-mfjm-7mv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxqh-mfjm-7mv9" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9", "reference_id": "GHSA-xxqh-mfjm-7mv9", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:42:38Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23808", "reference_id": "RHSA-2026:23808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24502", "reference_id": "RHSA-2026:24502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25123", "reference_id": "RHSA-2026:25123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25123" }, { "reference_url": "https://usn.ubuntu.com/8401-1/", "reference_id": "USN-8401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42581", "GHSA-xxqh-mfjm-7mv9" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbav-4q5e-3bf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28690?format=api", "vulnerability_id": "VCID-n286-n1m7-cyc8", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04779", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04776", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04765", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05542", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914", "reference_id": "1139914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220", "reference_id": "2477220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220" }, { "reference_url": "https://github.com/advisories/GHSA-f6hv-jmp6-3vwv", "reference_id": "GHSA-f6hv-jmp6-3vwv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f6hv-jmp6-3vwv" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23808", "reference_id": "RHSA-2026:23808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24502", "reference_id": "RHSA-2026:24502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25123", "reference_id": "RHSA-2026:25123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25123" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42587", "GHSA-f6hv-jmp6-3vwv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n286-n1m7-cyc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/28687?format=api", "vulnerability_id": "VCID-t1gp-2zmz-57a9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03905", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03896", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03884", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04629", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914", "reference_id": "1139914", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224", "reference_id": "2477224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224" }, { "reference_url": "https://github.com/advisories/GHSA-57rv-r2g8-2cj3", "reference_id": "GHSA-57rv-r2g8-2cj3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57rv-r2g8-2cj3" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3", "reference_id": "GHSA-57rv-r2g8-2cj3", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:35:01Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:23808", "reference_id": "RHSA-2026:23808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:23808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:24502", "reference_id": "RHSA-2026:24502", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:24502" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:25123", "reference_id": "RHSA-2026:25123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:25123" }, { "reference_url": "https://usn.ubuntu.com/8401-1/", "reference_id": "USN-8401-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8401-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/375369?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206405?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133" }, { "url": "http://public2.vulnerablecode.io/api/packages/375367?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1206406?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42584", "GHSA-57rv-r2g8-2cj3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t1gp-2zmz-57a9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/18979?format=api", "vulnerability_id": "VCID-w86r-pvjq-57cf", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57291", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57416", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57424", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57409", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/vietj/netty/tree/post-request-decoder", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vietj/netty/tree/post-request-decoder" }, { "reference_url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "reference_id": "0d0c6ed782d13d423586ad0c71737b2c7d02058c", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110", "reference_id": "1068110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", "reference_id": "2272907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", "reference_id": "CVE-2024-29025", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025" }, { "reference_url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", "reference_id": "f558b8ea81ec6505f1e9a6ca283c9ae3", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3" }, { "reference_url": "https://github.com/advisories/GHSA-5jpm-x58v-624v", "reference_id": "GHSA-5jpm-x58v-624v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jpm-x58v-624v" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", "reference_id": "GHSA-5jpm-x58v-624v", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2088", "reference_id": "RHSA-2024:2088", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2088" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2106", "reference_id": "RHSA-2024:2106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2705", "reference_id": "RHSA-2024:2705", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2705" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2833", "reference_id": "RHSA-2024:2833", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2833" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2945", "reference_id": "RHSA-2024:2945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3527", "reference_id": "RHSA-2024:3527", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3527" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3550", "reference_id": "RHSA-2024:3550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4028", "reference_id": "RHSA-2024:4028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4460", "reference_id": "RHSA-2024:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4884", "reference_id": "RHSA-2024:4884", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4884" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5143", "reference_id": "RHSA-2024:5143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5144", "reference_id": "RHSA-2024:5144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5144" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5145", "reference_id": "RHSA-2024:5145", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5145" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5147", "reference_id": "RHSA-2024:5147", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5147" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5479", "reference_id": "RHSA-2024:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5481", "reference_id": "RHSA-2024:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5482", "reference_id": "RHSA-2024:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6657", "reference_id": "RHSA-2024:6657", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6657" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:9571", "reference_id": "RHSA-2024:9571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:9571" }, { "reference_url": "https://usn.ubuntu.com/7284-1/", "reference_id": "USN-7284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7284-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30036?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.108.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1e5n-j1mz-bkdp" }, { "vulnerability": "VCID-67qx-dgmf-cyfw" }, { "vulnerability": "VCID-927x-629d-tba4" }, { "vulnerability": "VCID-c8j1-p9ec-gyds" }, { "vulnerability": "VCID-e2s5-my34-4fbm" }, { "vulnerability": "VCID-jbav-4q5e-3bf3" }, { "vulnerability": "VCID-n286-n1m7-cyc8" }, { "vulnerability": "VCID-t1gp-2zmz-57a9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.108.Final" } ], "aliases": [ "CVE-2024-29025", "GHSA-5jpm-x58v-624v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w86r-pvjq-57cf" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.53.Final" }