Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/netty@1:4.1.48-4?distro=trixie
purl pkg:deb/debian/netty@1:4.1.48-4?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-hzxz-sqmu-s7e1 Possible request smuggling in HTTP/2 due missing validation of content-length ### Impact The content-length header is not correctly validated if the request only use a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1 This is a followup of https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj which did miss to fix this one case. ### Patches This was fixed as part of 4.1.61.Final ### Workarounds Validation can be done by the user before proxy the request by validating the header. CVE-2021-21409
GHSA-f256-j965-7f32

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:44:36.420289+00:00 Debian Importer Fixing VCID-hzxz-sqmu-s7e1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T08:44:19.099350+00:00 Debian Importer Fixing VCID-hzxz-sqmu-s7e1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:46:53.451653+00:00 Debian Importer Fixing VCID-hzxz-sqmu-s7e1 https://security-tracker.debian.org/tracker/data/json 38.1.0