Package details: pkg:maven/io.netty/netty-codec-http2@4.1.61.Final
purl: pkg:maven/io.netty/netty-codec-http2@4.1.61.Final
Next non-vulnerable version: 4.1.100.Final
Latest non-vulnerable version: 4.2.11.Final
Risk: 10.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-5781-s1ny-q7ey
Aliases: CVE-2023-44487, GHSA-2m7v-gc89-fjqf, GHSA-qppj-fm5r-hxr3, GHSA-vx74-f528-fxqg, GHSA-xpw8-rcwv-8f8p, GMS-2023-3377, VSV00013
Fixed by: 4.1.100.Final
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-hzxz-sqmu-s7e1
Summary: Possible request smuggling in HTTP/2 due to missing validation of content-length
### Impact
The content-length header is not correctly validated if the request uses only a single Http2HeaderFrame with endStream set to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a follow-up to https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj, which missed this one case.
### Patches
This was fixed as part of 4.1.61.Final.
### Workarounds
Users can validate the header themselves before proxying the request.
Aliases: CVE-2021-21409, GHSA-f256-j965-7f32

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-16T22:40:18.797293+00:00 | GitLab Importer | Affected by | VCID-5781-s1ny-q7ey | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2023-44487.yml | 38.4.0
2026-04-16T21:19:46.309616+00:00 | GitLab Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2021-21409.yml | 38.4.0
2026-04-11T23:59:45.846518+00:00 | GitLab Importer | Affected by | VCID-5781-s1ny-q7ey | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2023-44487.yml | 38.3.0
2026-04-11T22:32:08.164361+00:00 | GitLab Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2021-21409.yml | 38.3.0
2026-04-03T00:02:49.613136+00:00 | GitLab Importer | Affected by | VCID-5781-s1ny-q7ey | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2023-44487.yml | 38.1.0
2026-04-02T22:43:24.127613+00:00 | GitLab Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2021-21409.yml | 38.1.0
2026-04-02T16:56:22.153747+00:00 | GHSA Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://github.com/advisories/GHSA-f256-j965-7f32 | 38.1.0
2026-04-01T17:01:08.182025+00:00 | GitLab Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2021-21409.yml | 38.0.0
2026-04-01T13:01:52.950449+00:00 | GithubOSV Importer | Fixing | VCID-hzxz-sqmu-s7e1 | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/03/GHSA-f256-j965-7f32/GHSA-f256-j965-7f32.json | 38.0.0