Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/727396?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/727396?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.96.Final", "type": "maven", "namespace": "io.netty", "name": "netty-codec-http", "version": "4.1.96.Final", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.1.133.Final", "latest_non_vulnerable_version": "4.2.13.Final", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60681?format=api", "vulnerability_id": "VCID-7c2r-a8z2-87en", "summary": "netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05626", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-41417" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:21Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41417" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023", "reference_id": "1136023", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540", "reference_id": "2467540", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2467540" }, { "reference_url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv", "reference_id": "GHSA-v8h7-rr48-vmmv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v8h7-rr48-vmmv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/114484?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.133.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/114482?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.13.Final", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final" } ], "aliases": [ "CVE-2026-41417", "GHSA-v8h7-rr48-vmmv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7c2r-a8z2-87en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64132?format=api", "vulnerability_id": "VCID-8n29-ssr1-6ydr", "summary": "io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08397", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33870" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33870" }, { "reference_url": "https://w4ke.info/2025/06/18/funky-chunks.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/06/18/funky-chunks.html" }, { "reference_url": "https://w4ke.info/2025/10/29/funky-chunks-2.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://w4ke.info/2025/10/29/funky-chunks-2.html" }, { "reference_url": "https://www.rfc-editor.org/rfc/rfc9110", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/" } ], "url": "https://www.rfc-editor.org/rfc/rfc9110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229", "reference_id": "1132229", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453", "reference_id": "2452453", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452453" }, { "reference_url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8", "reference_id": "GHSA-pwqr-wmgm-9rr8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pwqr-wmgm-9rr8" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10175", "reference_id": "RHSA-2026:10175", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10175" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10184", "reference_id": "RHSA-2026:10184", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:10184" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13571", "reference_id": "RHSA-2026:13571", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:13571" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14272", "reference_id": "RHSA-2026:14272", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14272" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14276", "reference_id": "RHSA-2026:14276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:14276" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17668", "reference_id": "RHSA-2026:17668", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17668" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17789", "reference_id": "RHSA-2026:17789", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:17789" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18054", "reference_id": "RHSA-2026:18054", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18054" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18055", "reference_id": "RHSA-2026:18055", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18055" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:18059", "reference_id": "RHSA-2026:18059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:18059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:22619", "reference_id": "RHSA-2026:22619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:22619" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7109", "reference_id": "RHSA-2026:7109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7380", "reference_id": "RHSA-2026:7380", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7380" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8159", "reference_id": "RHSA-2026:8159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8509", "reference_id": "RHSA-2026:8509", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:8509" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/113032?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.132.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c2r-a8z2-87en" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.132.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/113033?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.10.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c2r-a8z2-87en" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.10.Final" } ], "aliases": [ "CVE-2026-33870", "GHSA-pwqr-wmgm-9rr8" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8n29-ssr1-6ydr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47343?format=api", "vulnerability_id": "VCID-addw-cfsb-6uhy", "summary": "Netty's HttpPostRequestDecoder can OOM\nThe `HttpPostRequestDecoder` can be tricked to accumulate data. I have spotted currently two attack vectors", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29025.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29025", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.57217", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-29025" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29025" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c" }, { "reference_url": "https://github.com/vietj/netty/tree/post-request-decoder", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/vietj/netty/tree/post-request-decoder" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00015.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110", "reference_id": "1068110", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068110" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907", "reference_id": "2272907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272907" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025", "reference_id": "CVE-2024-29025", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29025" }, { "reference_url": "https://github.com/advisories/GHSA-5jpm-x58v-624v", "reference_id": "GHSA-5jpm-x58v-624v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5jpm-x58v-624v" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", "reference_id": "GHSA-5jpm-x58v-624v", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-19T15:54:48Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3550", "reference_id": "RHSA-2024:3550", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3550" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4460", "reference_id": "RHSA-2024:4460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5479", "reference_id": "RHSA-2024:5479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5481", "reference_id": "RHSA-2024:5481", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5481" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5482", "reference_id": "RHSA-2024:5482", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6657", "reference_id": "RHSA-2024:6657", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6657" }, { "reference_url": "https://usn.ubuntu.com/7284-1/", "reference_id": "USN-7284-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7284-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69556?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.108.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8n29-ssr1-6ydr" }, { "vulnerability": "VCID-tdx9-auyq-sugr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.108.Final" } ], "aliases": [ "CVE-2024-29025", "GHSA-5jpm-x58v-624v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-addw-cfsb-6uhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/58065?format=api", "vulnerability_id": "VCID-tdx9-auyq-sugr", "summary": "Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions\nA flaw in netty's parsing of chunk extensions in HTTP/1.1 messages with chunked encoding can lead to request smuggling issues with some reverse proxies.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26816", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-58056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056" }, { "reference_url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding" }, { "reference_url": "https://github.com/github/advisory-database/pull/6092", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/github/advisory-database/pull/6092" }, { "reference_url": "https://github.com/JLLeitschuh/unCVEed/issues/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/JLLeitschuh/unCVEed/issues/1" }, { "reference_url": "https://github.com/netty/netty", "reference_id": "", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/netty/netty" }, { "reference_url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284" }, { "reference_url": "https://github.com/netty/netty/issues/15522", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/issues/15522" }, { "reference_url": "https://github.com/netty/netty/pull/15611", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/pull/15611" }, { "reference_url": "https://w4ke.info/2025/06/18/funky-chunks.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://w4ke.info/2025/06/18/funky-chunks.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995", "reference_id": "1113995", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996", "reference_id": "2392996", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2392996" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056", "reference_id": "CVE-2025-58056", "reference_type": "", "scores": [ { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58056" }, { "reference_url": "https://github.com/advisories/GHSA-fghv-69vj-qj49", "reference_id": "GHSA-fghv-69vj-qj49", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fghv-69vj-qj49" }, { "reference_url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49", "reference_id": "GHSA-fghv-69vj-qj49", "reference_type": "", "scores": [ { "value": "2.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "LOW", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/" } ], "url": "https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17187", "reference_id": "RHSA-2025:17187", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17187" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17298", "reference_id": "RHSA-2025:17298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17299", "reference_id": "RHSA-2025:17299", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17299" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17317", "reference_id": "RHSA-2025:17317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17318", "reference_id": "RHSA-2025:17318", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17318" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17563", "reference_id": "RHSA-2025:17563", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17563" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:17567", "reference_id": "RHSA-2025:17567", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:17567" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18028", "reference_id": "RHSA-2025:18028", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18028" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18076", "reference_id": "RHSA-2025:18076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:18076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21148", "reference_id": "RHSA-2025:21148", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:21148" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3102", "reference_id": "RHSA-2026:3102", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3102" }, { "reference_url": "https://usn.ubuntu.com/7918-1/", "reference_id": "USN-7918-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7918-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/86396?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.1.125.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8n29-ssr1-6ydr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.125.Final" }, { "url": "http://public2.vulnerablecode.io/api/packages/86397?format=api", "purl": "pkg:maven/io.netty/netty-codec-http@4.2.5.Final", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-7c2r-a8z2-87en" }, { "vulnerability": "VCID-8n29-ssr1-6ydr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.5.Final" } ], "aliases": [ "CVE-2025-58056", "GHSA-fghv-69vj-qj49" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tdx9-auyq-sugr" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.96.Final" }