VulnerableCode Package Details - pkg:maven/io.netty/netty-codec-http2@4.1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/io.netty/netty-codec-http2@4.1

Essentials
History (1)

purl	pkg:maven/io.netty/netty-codec-http2@4.1
Tags	Ghost

Next non-vulnerable version	4.1.100.Final
Latest non-vulnerable version	4.2.11.Final
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-9a4r-nbdk-37fu Aliases: CVE-2020-11612 GHSA-mm9x-g8pc-w292	Denial of Service in Netty The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder.	4.1.46.Final Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-02T12:36:36.650546+00:00	GitLab Importer	Affected by	VCID-9a4r-nbdk-37fu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2020-11612.yml	38.0.0