Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/72989?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/72989?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.8.Final", "type": "maven", "namespace": "io.netty", "name": "netty-codec-http", "version": "4.2.8.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.13.Final", "latest_non_vulnerable_version": "4.2.13.Final", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60206?format=api", "vulnerability_id": "VCID-31ny-wxsb-c7gg", "summary": "netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04713", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04774", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04764", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00018", "scoring_system": "epss", "scoring_elements": "0.04751", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220", "reference_id": "2477220", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477220" }, { "reference_url": "https://github.com/advisories/GHSA-f6hv-jmp6-3vwv", "reference_id": "GHSA-f6hv-jmp6-3vwv", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f6hv-jmp6-3vwv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42587", "GHSA-f6hv-jmp6-3vwv" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-31ny-wxsb-c7gg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60681?format=api", "vulnerability_id": "VCID-7c2r-a8z2-87en", "summary": "netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05626", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05611", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06172", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06218", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:21Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023", "reference_id": "1136023", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540", "reference_id": "2467540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540" }, { "reference_url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "GHSA-v8h7-rr48-vmmv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-41417", "GHSA-v8h7-rr48-vmmv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c2r-a8z2-87en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60208?format=api", "vulnerability_id": "VCID-8e9f-e1k3-f7ab", "summary": "netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01679", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01681", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01687", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42585" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:33:59Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42585" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477227", "reference_id": "2477227", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477227" }, { "reference_url": "https://github.com/advisories/GHSA-38f8-5428-x5cv", "reference_id": "GHSA-38f8-5428-x5cv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-38f8-5428-x5cv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42585", "GHSA-38f8-5428-x5cv" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8e9f-e1k3-f7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64132?format=api", "vulnerability_id": "VCID-8n29-ssr1-6ydr", "summary": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08333", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08397", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08409", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.0839", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870" }, { "reference_url": "https://w4ke.info/2025/06/18/funky-chunks.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/06/18/funky-chunks.html" }, { "reference_url": "https://w4ke.info/2025/10/29/funky-chunks-2.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229", "reference_id": "1132229", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453", "reference_id": "2452453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453" }, { "reference_url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "GHSA-pwqr-wmgm-9rr8", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13571", "reference_id": "RHSA-2026:13571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14272", "reference_id": "RHSA-2026:14272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14276", "reference_id": "RHSA-2026:14276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17668", "reference_id": "RHSA-2026:17668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17789", "reference_id": "RHSA-2026:17789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18054", "reference_id": "RHSA-2026:18054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18055", "reference_id": "RHSA-2026:18055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18059", "reference_id": "RHSA-2026:18059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22619", "reference_id": "RHSA-2026:22619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7109", "reference_id": "RHSA-2026:7109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7380", "reference_id": "RHSA-2026:7380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8159", "reference_id": "RHSA-2026:8159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8509", "reference_id": "RHSA-2026:8509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8509" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113033?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31ny-wxsb-c7gg" }, { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8e9f-e1k3-f7ab" }, { "vulnerability": "VCID-efpd-xda2-2khy" }, { "vulnerability": "VCID-nf3c-b2gw-87b3" }, { "vulnerability": "VCID-uxn5-ftbb-5fge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.10.Final" } ], "aliases": [ "CVE-2026-33870", "GHSA-pwqr-wmgm-9rr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n29-ssr1-6ydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60209?format=api", "vulnerability_id": "VCID-efpd-xda2-2khy", "summary": "netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03836", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0387", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.03859", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42584" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:35:01Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42584" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224", "reference_id": "2477224", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477224" }, { "reference_url": "https://github.com/advisories/GHSA-57rv-r2g8-2cj3", "reference_id": "GHSA-57rv-r2g8-2cj3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-57rv-r2g8-2cj3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42584", "GHSA-57rv-r2g8-2cj3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-efpd-xda2-2khy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60213?format=api", "vulnerability_id": "VCID-nf3c-b2gw-87b3", "summary": "netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04454", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04511", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04501", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04489", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42581" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:42:38Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42581" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232", "reference_id": "2477232", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477232" }, { "reference_url": "https://github.com/advisories/GHSA-xxqh-mfjm-7mv9", "reference_id": "GHSA-xxqh-mfjm-7mv9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-xxqh-mfjm-7mv9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42581", "GHSA-xxqh-mfjm-7mv9" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nf3c-b2gw-87b3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60210?format=api", "vulnerability_id": "VCID-uxn5-ftbb-5fge", "summary": "netty: Netty: Request smuggling via chunk size parser integer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04032", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.04069", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00016", "scoring_system": "epss", "scoring_elements": "0.0406", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-42580" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:21:08Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42580" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477214", "reference_id": "2477214", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2477214" }, { "reference_url": "https://github.com/advisories/GHSA-m4cv-j2px-7723", "reference_id": "GHSA-m4cv-j2px-7723", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m4cv-j2px-7723" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/1126343?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13" } ], "aliases": [ "CVE-2026-42580", "GHSA-m4cv-j2px-7723" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uxn5-ftbb-5fge" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49440?format=api", "vulnerability_id": "VCID-gfbf-t6cs-auh5", "summary": "Netty has a CRLF Injection vulnerability in io.netty.handler.codec.http.HttpRequestEncoder\nThe `io.netty.handler.codec.http.HttpRequestEncoder` CRLF injection with the request uri when constructing a request. This leads to request smuggling when `HttpRequestEncoder` is used without proper sanitization of the uri.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67735.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-67735.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67735", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07243", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07297", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07301", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.07286", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-67735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-67735" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/77e81f1e5944d98b3acf887d3aa443b252752e94", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty/commit/77e81f1e5944d98b3acf887d3aa443b252752e94" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123606", "reference_id": "1123606", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1123606" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422568", "reference_id": "2422568", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2422568" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735", "reference_id": "CVE-2025-67735", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-67735" }, { "reference_url": "https://github.com/advisories/GHSA-84h7-rjj3-6jx4", "reference_id": "GHSA-84h7-rjj3-6jx4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-84h7-rjj3-6jx4" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4", "reference_id": "GHSA-84h7-rjj3-6jx4", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-16T14:26:21Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1899", "reference_id": "RHSA-2026:1899", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:1899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/72990?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.129.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31ny-wxsb-c7gg" }, { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8e9f-e1k3-f7ab" }, { "vulnerability": "VCID-8n29-ssr1-6ydr" }, { "vulnerability": "VCID-efpd-xda2-2khy" }, { "vulnerability": "VCID-nf3c-b2gw-87b3" }, { "vulnerability": "VCID-uxn5-ftbb-5fge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.129.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/72989?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.8.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-31ny-wxsb-c7gg" }, { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8e9f-e1k3-f7ab" }, { "vulnerability": "VCID-8n29-ssr1-6ydr" }, { "vulnerability": "VCID-efpd-xda2-2khy" }, { "vulnerability": "VCID-nf3c-b2gw-87b3" }, { "vulnerability": "VCID-uxn5-ftbb-5fge" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.8.Final" } ], "aliases": [ "CVE-2025-67735", "GHSA-84h7-rjj3-6jx4" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfbf-t6cs-auh5" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.8.Final" }