Search for packages
| purl | pkg:rpm/redhat/nodejs-rhea@1.0.16-1?arch=el8 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3mgs-vrus-q3ag
Aliases: CVE-2019-20445 GHSA-p2v9-g2qv-p635 |
HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. | There are no reported fixed by versions. |
|
VCID-m9t3-3sxz-8faz
Aliases: CVE-2019-20444 GHSA-cqqj-4p63-rrmm |
HTTP Request Smuggling in Netty HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | There are no reported fixed by versions. |
|
VCID-r7tw-km29-4bdp
Aliases: CVE-2020-7238 GHSA-ff2w-cq2g-wv5f |
HTTP Request Smuggling in Netty Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:13:30.844795+00:00 | RedHat Importer | Affected by | VCID-r7tw-km29-4bdp | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7238.json | 38.0.0 |
| 2026-04-01T14:13:08.054949+00:00 | RedHat Importer | Affected by | VCID-m9t3-3sxz-8faz | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20444.json | 38.0.0 |
| 2026-04-01T14:13:04.808513+00:00 | RedHat Importer | Affected by | VCID-3mgs-vrus-q3ag | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20445.json | 38.0.0 |