Search for packages
| purl | pkg:maven/io.netty/netty-codec-http@4.0.0 |
| Tags | Ghost |
| Next non-vulnerable version | 4.1.125.Final |
| Latest non-vulnerable version | 4.2.10.Final |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-e92u-331h-bkcb
Aliases: CVE-2021-21290 GHSA-5mcr-gq6c-3hq2 |
This advisory has been marked as False Positive and moved to `netty-codec-http`, `netty-handler` and `netty-common`. |
Affected by 3 other vulnerabilities. |
|
VCID-m9t3-3sxz-8faz
Aliases: CVE-2019-20444 GHSA-cqqj-4p63-rrmm |
HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-swu5-a9h5-ffex
Aliases: CVE-2021-43797 GHSA-wx5j-54mm-rqqq |
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') This CVE has been marked as a False Positive and has been removed. |
Affected by 0 other vulnerabilities. Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-02T16:56:10.186110+00:00 | GHSA Importer | Affected by | VCID-e92u-331h-bkcb | https://github.com/advisories/GHSA-5mcr-gq6c-3hq2 | 38.1.0 |
| 2026-04-02T12:36:26.532786+00:00 | GitLab Importer | Affected by | VCID-m9t3-3sxz-8faz | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http/CVE-2019-20444.yml | 38.0.0 |
| 2026-04-01T15:59:05.680982+00:00 | GHSA Importer | Affected by | VCID-swu5-a9h5-ffex | https://github.com/advisories/GHSA-wx5j-54mm-rqqq | 38.0.0 |