Search for packages
Package details: pkg:maven/io.netty/netty-codec-http2@4.1.43
purl pkg:maven/io.netty/netty-codec-http2@4.1.43
Tags Ghost
Next non-vulnerable version 4.1.100.Final
Latest non-vulnerable version 4.1.100.Final
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-1nbf-66f8-x7h2
Aliases:
CVE-2020-7238
GHSA-ff2w-cq2g-wv5f
Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace (such as a [space]Transfer-Encoding:chunked line) and a later Content-Length header. This issue exists because of an incomplete fix for CVE-2019-16869.
4.1.44.Final
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-07-03T13:54:58.979537+00:00 GitLab Importer Affected by VCID-1nbf-66f8-x7h2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/io.netty/netty-codec-http2/CVE-2020-7238.yml 36.1.3