{"url":"http://public2.vulnerablecode.io/api/packages/857740?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.114.Final","type":"maven","namespace":"io.netty","name":"netty-codec-http","version":"4.1.114.Final","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.1.133.Final","latest_non_vulnerable_version":"4.2.13.Final","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60206?format=json","vulnerability_id":"VCID-31ny-wxsb-c7gg","summary":"netty: io.netty/netty-codec-http: io.netty/netty-codec-http2: Netty: Denial of Service via unbounded memory allocation in HTTP content decompression","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42587.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42587","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04713","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04774","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04764","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04751","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42587"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42587"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty/security/advisories/GHSA-f6hv-jmp6-3vwv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42587","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42587"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477220","reference_id":"2477220","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477220"},{"reference_url":"https://github.com/advisories/GHSA-f6hv-jmp6-3vwv","reference_id":"GHSA-f6hv-jmp6-3vwv","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f6hv-jmp6-3vwv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42587","GHSA-f6hv-jmp6-3vwv"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-31ny-wxsb-c7gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60681?format=json","vulnerability_id":"VCID-7c2r-a8z2-87en","summary":"netty: Netty: HTTP request smuggling via URI manipulation and CRLF injection","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41417.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41417","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05626","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05611","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06172","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06218","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-41417"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41417"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-07T13:59:21Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-v8h7-rr48-vmmv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41417","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-41417"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023","reference_id":"1136023","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1136023"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467540","reference_id":"2467540","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467540"},{"reference_url":"https://github.com/advisories/GHSA-v8h7-rr48-vmmv","reference_id":"GHSA-v8h7-rr48-vmmv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v8h7-rr48-vmmv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-41417","GHSA-v8h7-rr48-vmmv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7c2r-a8z2-87en"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60208?format=json","vulnerability_id":"VCID-8e9f-e1k3-f7ab","summary":"netty: io.netty/netty-codec-http: Netty: Request smuggling via malformed Transfer-Encoding parsing","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42585.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42585","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01679","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01681","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01687","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42585"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42585"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://datatracker.ietf.org/doc/html/rfc9112#name-message-body-length"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-15T20:33:59Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-38f8-5428-x5cv"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42585","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42585"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477227","reference_id":"2477227","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477227"},{"reference_url":"https://github.com/advisories/GHSA-38f8-5428-x5cv","reference_id":"GHSA-38f8-5428-x5cv","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-38f8-5428-x5cv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42585","GHSA-38f8-5428-x5cv"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8e9f-e1k3-f7ab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64132?format=json","vulnerability_id":"VCID-8n29-ssr1-6ydr","summary":"io.netty/netty-codec-http: Netty: Request smuggling via incorrect parsing of HTTP/1.1 chunked transfer encoding extension values","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33870","reference_id":"","reference_type":"","scores":[{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08333","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08397","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.08409","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00028","scoring_system":"epss","scoring_elements":"0.0839","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33870"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-pwqr-wmgm-9rr8"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33870","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33870"},{"reference_url":"https://w4ke.info/2025/06/18/funky-chunks.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"reference_url":"https://w4ke.info/2025/10/29/funky-chunks-2.html","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://w4ke.info/2025/10/29/funky-chunks-2.html"},{"reference_url":"https://www.rfc-editor.org/rfc/rfc9110","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:55:28Z/"}],"url":"https://www.rfc-editor.org/rfc/rfc9110"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229","reference_id":"1132229","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1132229"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452453","reference_id":"2452453","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452453"},{"reference_url":"https://github.com/advisories/GHSA-pwqr-wmgm-9rr8","reference_id":"GHSA-pwqr-wmgm-9rr8","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-pwqr-wmgm-9rr8"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10175","reference_id":"RHSA-2026:10175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:13571","reference_id":"RHSA-2026:13571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:13571"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14272","reference_id":"RHSA-2026:14272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:14276","reference_id":"RHSA-2026:14276","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:14276"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17668","reference_id":"RHSA-2026:17668","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17668"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:17789","reference_id":"RHSA-2026:17789","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:17789"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18054","reference_id":"RHSA-2026:18054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18055","reference_id":"RHSA-2026:18055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:18059","reference_id":"RHSA-2026:18059","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:18059"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:22619","reference_id":"RHSA-2026:22619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:22619"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7109","reference_id":"RHSA-2026:7109","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7109"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7380","reference_id":"RHSA-2026:7380","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7380"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8159","reference_id":"RHSA-2026:8159","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8159"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:8509","reference_id":"RHSA-2026:8509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:8509"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/113032?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.132.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31ny-wxsb-c7gg"},{"vulnerability":"VCID-7c2r-a8z2-87en"},{"vulnerability":"VCID-8e9f-e1k3-f7ab"},{"vulnerability":"VCID-efpd-xda2-2khy"},{"vulnerability":"VCID-nf3c-b2gw-87b3"},{"vulnerability":"VCID-uxn5-ftbb-5fge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.132.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/113033?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.10.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31ny-wxsb-c7gg"},{"vulnerability":"VCID-7c2r-a8z2-87en"},{"vulnerability":"VCID-8e9f-e1k3-f7ab"},{"vulnerability":"VCID-efpd-xda2-2khy"},{"vulnerability":"VCID-nf3c-b2gw-87b3"},{"vulnerability":"VCID-uxn5-ftbb-5fge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.10.Final"}],"aliases":["CVE-2026-33870","GHSA-pwqr-wmgm-9rr8"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8n29-ssr1-6ydr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60209?format=json","vulnerability_id":"VCID-efpd-xda2-2khy","summary":"netty: io.netty/netty-codec-http: Netty: Incorrect HTTP response parsing leads to data confusion","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42584.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42584","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03836","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0387","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.03859","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42584"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42584"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:35:01Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-57rv-r2g8-2cj3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42584","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42584"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477224","reference_id":"2477224","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477224"},{"reference_url":"https://github.com/advisories/GHSA-57rv-r2g8-2cj3","reference_id":"GHSA-57rv-r2g8-2cj3","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-57rv-r2g8-2cj3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42584","GHSA-57rv-r2g8-2cj3"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-efpd-xda2-2khy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60213?format=json","vulnerability_id":"VCID-nf3c-b2gw-87b3","summary":"netty: io.netty/netty-codec-http: Netty: HTTP Request Smuggling due to improper handling of conflicting HTTP/1.0 headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json","reference_id":"","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42581.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42581","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04454","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04511","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04501","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04489","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42581"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42581"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:42:38Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-xxqh-mfjm-7mv9"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42581","reference_id":"","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42581"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477232","reference_id":"2477232","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477232"},{"reference_url":"https://github.com/advisories/GHSA-xxqh-mfjm-7mv9","reference_id":"GHSA-xxqh-mfjm-7mv9","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-xxqh-mfjm-7mv9"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42581","GHSA-xxqh-mfjm-7mv9"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf3c-b2gw-87b3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58065?format=json","vulnerability_id":"VCID-tdx9-auyq-sugr","summary":"Netty vulnerable to request smuggling due to incorrect parsing of chunk extensions\nA flaw in netty's parsing of chunk extensions in HTTP/1.1 messages with chunked encoding can lead to request smuggling issues with some reverse proxies.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-58056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58056","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26712","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26816","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26807","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26767","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58056"},{"reference_url":"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding"},{"reference_url":"https://github.com/github/advisory-database/pull/6092","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/pull/6092"},{"reference_url":"https://github.com/JLLeitschuh/unCVEed/issues/1","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/JLLeitschuh/unCVEed/issues/1"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284"},{"reference_url":"https://github.com/netty/netty/issues/15522","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/issues/15522"},{"reference_url":"https://github.com/netty/netty/pull/15611","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/pull/15611"},{"reference_url":"https://w4ke.info/2025/06/18/funky-chunks.html","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://w4ke.info/2025/06/18/funky-chunks.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995","reference_id":"1113995","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1113995"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392996","reference_id":"2392996","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2392996"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58056","reference_id":"CVE-2025-58056","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-58056"},{"reference_url":"https://github.com/advisories/GHSA-fghv-69vj-qj49","reference_id":"GHSA-fghv-69vj-qj49","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fghv-69vj-qj49"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49","reference_id":"GHSA-fghv-69vj-qj49","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-04T19:09:52Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17187","reference_id":"RHSA-2025:17187","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17187"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17298","reference_id":"RHSA-2025:17298","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17298"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17299","reference_id":"RHSA-2025:17299","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17299"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17317","reference_id":"RHSA-2025:17317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17318","reference_id":"RHSA-2025:17318","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17318"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17563","reference_id":"RHSA-2025:17563","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17563"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:17567","reference_id":"RHSA-2025:17567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:17567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18028","reference_id":"RHSA-2025:18028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18028"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:18076","reference_id":"RHSA-2025:18076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:18076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21148","reference_id":"RHSA-2025:21148","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21148"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3102","reference_id":"RHSA-2026:3102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3102"},{"reference_url":"https://usn.ubuntu.com/7918-1/","reference_id":"USN-7918-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7918-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/86396?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.125.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31ny-wxsb-c7gg"},{"vulnerability":"VCID-7c2r-a8z2-87en"},{"vulnerability":"VCID-8e9f-e1k3-f7ab"},{"vulnerability":"VCID-8n29-ssr1-6ydr"},{"vulnerability":"VCID-efpd-xda2-2khy"},{"vulnerability":"VCID-nf3c-b2gw-87b3"},{"vulnerability":"VCID-uxn5-ftbb-5fge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.125.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/86397?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.5.Final","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-31ny-wxsb-c7gg"},{"vulnerability":"VCID-7c2r-a8z2-87en"},{"vulnerability":"VCID-8e9f-e1k3-f7ab"},{"vulnerability":"VCID-8n29-ssr1-6ydr"},{"vulnerability":"VCID-efpd-xda2-2khy"},{"vulnerability":"VCID-nf3c-b2gw-87b3"},{"vulnerability":"VCID-uxn5-ftbb-5fge"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.5.Final"}],"aliases":["CVE-2025-58056","GHSA-fghv-69vj-qj49"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tdx9-auyq-sugr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60210?format=json","vulnerability_id":"VCID-uxn5-ftbb-5fge","summary":"netty: Netty: Request smuggling via chunk size parser integer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-42580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42580","reference_id":"","reference_type":"","scores":[{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04032","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.04069","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00016","scoring_system":"epss","scoring_elements":"0.0406","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-42580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42580"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/netty/netty","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/netty/netty"},{"reference_url":"https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T18:21:08Z/"}],"url":"https://github.com/netty/netty/security/advisories/GHSA-m4cv-j2px-7723"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42580","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-42580"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477214","reference_id":"2477214","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477214"},{"reference_url":"https://github.com/advisories/GHSA-m4cv-j2px-7723","reference_id":"GHSA-m4cv-j2px-7723","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m4cv-j2px-7723"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/114484?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126342?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.1.133","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.133"},{"url":"http://public2.vulnerablecode.io/api/packages/114482?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13.Final","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13.Final"},{"url":"http://public2.vulnerablecode.io/api/packages/1126343?format=json","purl":"pkg:maven/io.netty/netty-codec-http@4.2.13","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.2.13"}],"aliases":["CVE-2026-42580","GHSA-m4cv-j2px-7723"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uxn5-ftbb-5fge"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/io.netty/netty-codec-http@4.1.114.Final"}