VulnerableCode Package Details - pkg:maven/io.netty/netty-handler@4.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/io.netty/netty-handler@4.0.0

Essentials
History (1)

purl	pkg:maven/io.netty/netty-handler@4.0.0
Tags	Ghost

Next non-vulnerable version	4.1.118.Final
Latest non-vulnerable version	4.1.118.Final
Risk	3.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-3mgs-vrus-q3ag Aliases: CVE-2019-20445 GHSA-p2v9-g2qv-p635	HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.	4.1.45 Affected by 0 other vulnerabilities. 4.1.45.Final Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-3mgs-vrus-q3ag
Aliases:
CVE-2019-20445
GHSA-p2v9-g2qv-p635

HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.

4.1.45
Affected by 0 other vulnerabilities.

4.1.45.Final
Affected by 3 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T15:57:57.309091+00:00	GHSA Importer	Affected by	VCID-3mgs-vrus-q3ag	https://github.com/advisories/GHSA-p2v9-g2qv-p635	38.0.0