{"url":"http://public2.vulnerablecode.io/api/packages/705855?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.94.Final","type":"maven","namespace":"io.netty","name":"netty-codec-http","version":"4.1.94.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.133.Final","latest_non_vulnerable_version":"4.2.13.Final","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28683?format=json","vulnerability_id":"VCID-1e5n-j1mz-bkdp","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42580","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.041","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04089","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04082","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.0486","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42580","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42580"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914","reference_id":"1139914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477214","reference_id":"2477214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477214"},{"reference_url":"https://github.com/advisories/GHSA-m4cv-j2px-7723","reference_id":"GHSA-m4cv-j2px-7723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4cv-j2px-7723"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723","reference_id":"GHSA-m4cv-j2px-7723","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:21:08Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42580","GHSA-m4cv-j2px-7723"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1e5n-j1mz-bkdp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28688?format=json","vulnerability_id":"VCID-67qx-dgmf-cyfw","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42585","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01685","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01679","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01682","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00013","scoring_system":"epss","scoring_elements":"0.02048","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42585","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42585"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914","reference_id":"1139914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477227","reference_id":"2477227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477227"},{"reference_url":"https://github.com/advisories/GHSA-38f8-5428-x5cv","reference_id":"GHSA-38f8-5428-x5cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38f8-5428-x5cv"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv","reference_id":"GHSA-38f8-5428-x5cv","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:33:59Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"},{"reference_url":"https://usn.ubuntu.com/8401-1/","reference_id":"USN-8401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42585","GHSA-38f8-5428-x5cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67qx-dgmf-cyfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28280?format=json","vulnerability_id":"VCID-927x-629d-tba4","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33870","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08405","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08444","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0845","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08446","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33870","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33870"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229","reference_id":"1132229","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452453","reference_id":"2452453","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452453"},{"reference_url":"https://w4ke.info/2025/10/29/funky-chunks-2.html","reference_id":"funky-chunks-2.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://w4ke.info/2025/10/29/funky-chunks-2.html"},{"reference_url":"https://w4ke.info/2025/06/18/funky-chunks.html","reference_id":"funky-chunks.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"reference_url":"https://github.com/advisories/GHSA-pwqr-wmgm-9rr8","reference_id":"GHSA-pwqr-wmgm-9rr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwqr-wmgm-9rr8"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8","reference_id":"GHSA-pwqr-wmgm-9rr8","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110","reference_id":"rfc9110","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14272","reference_id":"RHSA-2026:14272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14276","reference_id":"RHSA-2026:14276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17668","reference_id":"RHSA-2026:17668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17789","reference_id":"RHSA-2026:17789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18054","reference_id":"RHSA-2026:18054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18055","reference_id":"RHSA-2026:18055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18059","reference_id":"RHSA-2026:18059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7109","reference_id":"RHSA-2026:7109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7380","reference_id":"RHSA-2026:7380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8159","reference_id":"RHSA-2026:8159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8509","reference_id":"RHSA-2026:8509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374764?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.132.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e5n-j1mz-bkdp"},{"vulnerability":"VCID-67qx-dgmf-cyfw"},{"vulnerability":"VCID-e2s5-my34-4fbm"},{"vulnerability":"VCID-jbav-4q5e-3bf3"},{"vulnerability":"VCID-n286-n1m7-cyc8"},{"vulnerability":"VCID-t1gp-2zmz-57a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.132.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/374765?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.10.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e5n-j1mz-bkdp"},{"vulnerability":"VCID-67qx-dgmf-cyfw"},{"vulnerability":"VCID-e2s5-my34-4fbm"},{"vulnerability":"VCID-jbav-4q5e-3bf3"},{"vulnerability":"VCID-n286-n1m7-cyc8"},{"vulnerability":"VCID-t1gp-2zmz-57a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.10.Final"}],"aliases":["CVE-2026-33870","GHSA-pwqr-wmgm-9rr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-927x-629d-tba4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93824?format=json","vulnerability_id":"VCID-c8j1-p9ec-gyds","summary":"Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58056","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26956","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26757","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26958","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26973","published_at":"2026-06-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056"},{"reference_url":"https://github.com/github/advisory-database/pull/6092","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/6092"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58056","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58056"},{"reference_url":"https://github.com/JLLeitschuh/unCVEed/issues/1","reference_id":"1","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/JLLeitschuh/unCVEed/issues/1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995","reference_id":"1113995","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995"},{"reference_url":"https://github.com/netty/netty/issues/15522","reference_id":"15522","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/issues/15522"},{"reference_url":"https://github.com/netty/netty/pull/15611","reference_id":"15611","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/pull/15611"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392996","reference_id":"2392996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392996"},{"reference_url":"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284","reference_id":"edb55fd8e0a3bcbd85881e423464f585183d1284","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"},{"reference_url":"https://w4ke.info/2025/06/18/funky-chunks.html","reference_id":"funky-chunks.html","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"reference_url":"https://github.com/advisories/GHSA-fghv-69vj-qj49","reference_id":"GHSA-fghv-69vj-qj49","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-fghv-69vj-qj49"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49","reference_id":"GHSA-fghv-69vj-qj49","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding","reference_id":"rfc9112#name-chunked-transfer-coding","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17187","reference_id":"RHSA-2025:17187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17298","reference_id":"RHSA-2025:17298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17299","reference_id":"RHSA-2025:17299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17317","reference_id":"RHSA-2025:17317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17318","reference_id":"RHSA-2025:17318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17563","reference_id":"RHSA-2025:17563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17567","reference_id":"RHSA-2025:17567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18028","reference_id":"RHSA-2025:18028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18076","reference_id":"RHSA-2025:18076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21148","reference_id":"RHSA-2025:21148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23417","reference_id":"RHSA-2025:23417","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23417"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3102","reference_id":"RHSA-2026:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3102"},{"reference_url":"https://usn.ubuntu.com/7918-1/","reference_id":"USN-7918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7918-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/376661?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.125.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e5n-j1mz-bkdp"},{"vulnerability":"VCID-67qx-dgmf-cyfw"},{"vulnerability":"VCID-927x-629d-tba4"},{"vulnerability":"VCID-e2s5-my34-4fbm"},{"vulnerability":"VCID-jbav-4q5e-3bf3"},{"vulnerability":"VCID-n286-n1m7-cyc8"},{"vulnerability":"VCID-t1gp-2zmz-57a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.125.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/376662?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e5n-j1mz-bkdp"},{"vulnerability":"VCID-67qx-dgmf-cyfw"},{"vulnerability":"VCID-927x-629d-tba4"},{"vulnerability":"VCID-e2s5-my34-4fbm"},{"vulnerability":"VCID-jbav-4q5e-3bf3"},{"vulnerability":"VCID-n286-n1m7-cyc8"},{"vulnerability":"VCID-t1gp-2zmz-57a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.5.Final"}],"aliases":["CVE-2025-58056","GHSA-fghv-69vj-qj49"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c8j1-p9ec-gyds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28601?format=json","vulnerability_id":"VCID-e2s5-my34-4fbm","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41417","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06244","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06215","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06232","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06222","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41417","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023","reference_id":"1136023","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467540","reference_id":"2467540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467540"},{"reference_url":"https://github.com/advisories/GHSA-v8h7-rr48-vmmv","reference_id":"GHSA-v8h7-rr48-vmmv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8h7-rr48-vmmv"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv","reference_id":"GHSA-v8h7-rr48-vmmv","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:21Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-41417","GHSA-v8h7-rr48-vmmv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2s5-my34-4fbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28684?format=json","vulnerability_id":"VCID-jbav-4q5e-3bf3","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42581","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.045","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04484","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04498","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05304","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42581","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42581"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914","reference_id":"1139914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477232","reference_id":"2477232","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477232"},{"reference_url":"https://github.com/advisories/GHSA-xxqh-mfjm-7mv9","reference_id":"GHSA-xxqh-mfjm-7mv9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxqh-mfjm-7mv9"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9","reference_id":"GHSA-xxqh-mfjm-7mv9","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:42:38Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23808","reference_id":"RHSA-2026:23808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24502","reference_id":"RHSA-2026:24502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8401-1/","reference_id":"USN-8401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42581","GHSA-xxqh-mfjm-7mv9"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jbav-4q5e-3bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28690?format=json","vulnerability_id":"VCID-n286-n1m7-cyc8","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42587","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04779","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04776","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04765","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05542","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42587","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914","reference_id":"1139914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477220","reference_id":"2477220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477220"},{"reference_url":"https://github.com/advisories/GHSA-f6hv-jmp6-3vwv","reference_id":"GHSA-f6hv-jmp6-3vwv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6hv-jmp6-3vwv"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23808","reference_id":"RHSA-2026:23808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24502","reference_id":"RHSA-2026:24502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42587","GHSA-f6hv-jmp6-3vwv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n286-n1m7-cyc8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/28687?format=json","vulnerability_id":"VCID-t1gp-2zmz-57a9","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42584","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03905","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03896","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03884","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04629","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42584","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42584"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914","reference_id":"1139914","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1139914"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477224","reference_id":"2477224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477224"},{"reference_url":"https://github.com/advisories/GHSA-57rv-r2g8-2cj3","reference_id":"GHSA-57rv-r2g8-2cj3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57rv-r2g8-2cj3"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3","reference_id":"GHSA-57rv-r2g8-2cj3","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:35:01Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:23808","reference_id":"RHSA-2026:23808","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:23808"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:24502","reference_id":"RHSA-2026:24502","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:24502"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:25123","reference_id":"RHSA-2026:25123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:25123"},{"reference_url":"https://usn.ubuntu.com/8401-1/","reference_id":"USN-8401-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8401-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375369?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206405?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/375367?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1206406?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42584","GHSA-57rv-r2g8-2cj3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t1gp-2zmz-57a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/18979?format=json","vulnerability_id":"VCID-w86r-pvjq-57cf","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29025","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57291","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57416","published_at":"2026-06-14T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57424","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.57409","published_at":"2026-06-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/vietj/netty/tree/post-request-decoder","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/vietj/netty/tree/post-request-decoder"},{"reference_url":"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c","reference_id":"0d0c6ed782d13d423586ad0c71737b2c7d02058c","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/"}],"url":"https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110","reference_id":"1068110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272907","reference_id":"2272907","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2272907"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29025","reference_id":"CVE-2024-29025","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29025"},{"reference_url":"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3","reference_id":"f558b8ea81ec6505f1e9a6ca283c9ae3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/"}],"url":"https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3"},{"reference_url":"https://github.com/advisories/GHSA-5jpm-x58v-624v","reference_id":"GHSA-5jpm-x58v-624v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5jpm-x58v-624v"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v","reference_id":"GHSA-5jpm-x58v-624v","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2088","reference_id":"RHSA-2024:2088","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2088"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2106","reference_id":"RHSA-2024:2106","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2106"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2705","reference_id":"RHSA-2024:2705","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2705"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2833","reference_id":"RHSA-2024:2833","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2833"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2945","reference_id":"RHSA-2024:2945","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2945"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3527","reference_id":"RHSA-2024:3527","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3527"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:3550","reference_id":"RHSA-2024:3550","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:3550"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4028","reference_id":"RHSA-2024:4028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4460","reference_id":"RHSA-2024:4460","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4460"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4884","reference_id":"RHSA-2024:4884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5143","reference_id":"RHSA-2024:5143","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5144","reference_id":"RHSA-2024:5144","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5144"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5145","reference_id":"RHSA-2024:5145","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5145"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5147","reference_id":"RHSA-2024:5147","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5147"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5479","reference_id":"RHSA-2024:5479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5481","reference_id":"RHSA-2024:5481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5481"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5482","reference_id":"RHSA-2024:5482","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5482"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6657","reference_id":"RHSA-2024:6657","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6657"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9571","reference_id":"RHSA-2024:9571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9571"},{"reference_url":"https://usn.ubuntu.com/7284-1/","reference_id":"USN-7284-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7284-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/30036?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.108.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1e5n-j1mz-bkdp"},{"vulnerability":"VCID-67qx-dgmf-cyfw"},{"vulnerability":"VCID-927x-629d-tba4"},{"vulnerability":"VCID-c8j1-p9ec-gyds"},{"vulnerability":"VCID-e2s5-my34-4fbm"},{"vulnerability":"VCID-jbav-4q5e-3bf3"},{"vulnerability":"VCID-n286-n1m7-cyc8"},{"vulnerability":"VCID-t1gp-2zmz-57a9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.108.Final"}],"aliases":["CVE-2024-29025","GHSA-5jpm-x58v-624v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w86r-pvjq-57cf"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.94.Final"}