Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netty vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2014-3488
The SslHandler in Netty prior to 3.9.2 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
Netty Netty 3.8.1
Netty Netty 3.8.0
Netty Netty 3.7.0
Netty Netty 3.6.8
Netty Netty
Netty Netty 3.9.0
Netty Netty 3.6.7
Netty Netty 3.6.5
Netty Netty 3.6.3
Netty Netty 3.6.2
Netty Netty 3.6.1
Netty Netty 3.6.0
Netty Netty 3.9.1
Netty Netty 3.6.6
Netty Netty 3.6.4
1 Github repository
384
VMScore
CVE-2015-2156
Netty prior to 3.9.8.Final, 3.10.x prior to 3.10.3.Final, 4.0.x prior to 4.0.28.Final, and 4.1.x prior to 4.1.0.Beta5 and Play Framework 2.x prior to 2.3.9 might allow remote malicious users to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging imp...
Netty Netty 4.0.16
Netty Netty 4.0.17
Netty Netty 4.0.18
Netty Netty 4.0.19
Netty Netty 4.0.20
Netty Netty 4.0.21
Netty Netty 4.0.22
Netty Netty 4.0.23
Netty Netty 4.0.24
Netty Netty 4.0.25
Netty Netty 4.0.26
Netty Netty 4.0.27
Netty Netty
Netty Netty 3.10.0
Netty Netty 3.10.1
Netty Netty 3.10.2
Netty Netty 4.0.1
Netty Netty 4.0.2
Netty Netty 4.0.3
Netty Netty 4.0.4
Netty Netty 4.0.5
Netty Netty 4.0.6
NA
CVE-2023-34462
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel d...
Netty Netty
445
VMScore
CVE-2020-5403
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
Pivotal Reactor Netty 0.9.3
Pivotal Reactor Netty 0.9.4
NA
CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions before 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no worka...
Netty Netty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and before 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values i...
Netty Netty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
NA
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP ...
Pivotal Reactor Netty
NA
CVE-2023-34062
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack. Specifically, an application is vulnerable if Reactor Netty HTTP Server is...
Pivotal Reactor Netty
2 Github repositories
NA
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is...
Pivotal Reactor Netty
436
VMScore
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Pivotal Reactor Netty
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
hardcoded
arbitrary code
CVE-2024-2404
CVE-2024-21111
CVE-2024-28627
CVE-2024-4073
information disclosure
CVE-2024-32780
CVE-2024-4040
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »