VulnerableCode Package Details - pkg:deb/debian/netty@1:4.1.45-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3mgs-vrus-q3ag	HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.	CVE-2019-20445 GHSA-p2v9-g2qv-p635
VCID-m9t3-3sxz-8faz	HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."	CVE-2019-20444 GHSA-cqqj-4p63-rrmm
VCID-r7tw-km29-4bdp	HTTP Request Smuggling in Netty Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.	CVE-2020-7238 GHSA-ff2w-cq2g-wv5f

Vulnerability

Summary

Aliases

VCID-3mgs-vrus-q3ag

HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

CVE-2019-20445
GHSA-p2v9-g2qv-p635

VCID-m9t3-3sxz-8faz

HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold."

CVE-2019-20444
GHSA-cqqj-4p63-rrmm

VCID-r7tw-km29-4bdp

HTTP Request Smuggling in Netty Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.

CVE-2020-7238
GHSA-ff2w-cq2g-wv5f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T13:00:57.655247+00:00	Debian Importer	Fixing	VCID-m9t3-3sxz-8faz	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:44:10.344940+00:00	Debian Importer	Fixing	VCID-3mgs-vrus-q3ag	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:42:14.256154+00:00	Debian Importer	Fixing	VCID-r7tw-km29-4bdp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:56:39.879461+00:00	Debian Importer	Fixing	VCID-m9t3-3sxz-8faz	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:15:34.682612+00:00	Debian Importer	Fixing	VCID-3mgs-vrus-q3ag	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:27:11.800224+00:00	Debian Importer	Fixing	VCID-r7tw-km29-4bdp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:46:53.301632+00:00	Debian Importer	Fixing	VCID-r7tw-km29-4bdp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:53.212525+00:00	Debian Importer	Fixing	VCID-3mgs-vrus-q3ag	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:46:53.163071+00:00	Debian Importer	Fixing	VCID-m9t3-3sxz-8faz	https://security-tracker.debian.org/tracker/data/json	38.1.0