Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netty vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-3488
The SslHandler in Netty prior to 3.9.2 allows remote malicious users to cause a denial of service (infinite loop and CPU consumption) via a crafted SSLv2Hello message.
Netty Netty 3.8.1
Netty Netty 3.8.0
Netty Netty 3.7.0
Netty Netty 3.6.8
Netty Netty
Netty Netty 3.9.0
Netty Netty 3.6.7
Netty Netty 3.6.5
Netty Netty 3.6.3
Netty Netty 3.6.2
Netty Netty 3.6.1
Netty Netty 3.6.0
Netty Netty 3.9.1
Netty Netty 3.6.6
Netty Netty 3.6.4
1 Github repository
7.5
CVSSv3
CVE-2015-2156
Netty prior to 3.9.8.Final, 3.10.x prior to 3.10.3.Final, 4.0.x prior to 4.0.28.Final, and 4.1.x prior to 4.1.0.Beta5 and Play Framework 2.x prior to 2.3.9 might allow remote malicious users to bypass the httpOnly flag on cookies and obtain sensitive information by leveraging imp...
Netty Netty 4.0.16
Netty Netty 4.0.17
Netty Netty 4.0.18
Netty Netty 4.0.19
Netty Netty 4.0.20
Netty Netty 4.0.21
Netty Netty 4.0.22
Netty Netty 4.0.23
Netty Netty 4.0.24
Netty Netty 4.0.25
Netty Netty 4.0.26
Netty Netty 4.0.27
Netty Netty
Netty Netty 3.10.0
Netty Netty 3.10.1
Netty Netty 3.10.2
Netty Netty 4.0.1
Netty Netty 4.0.2
Netty Netty 4.0.3
Netty Netty 4.0.4
Netty Netty 4.0.5
Netty Netty 4.0.6
6.5
CVSSv3
CVE-2023-34462
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel d...
Netty Netty
7.5
CVSSv3
CVE-2020-5403
Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response.
Pivotal Reactor Netty 0.9.3
Pivotal Reactor Netty 0.9.4
7.5
CVSSv3
CVE-2022-41881
Netty project is an event-driven asynchronous network application framework. In versions before 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no worka...
Netty Netty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
6.5
CVSSv3
CVE-2022-41915
Netty project is an event-driven asynchronous network application framework. Starting in version 4.1.83.Final and before 4.1.86.Final, when calling `DefaultHttpHeadesr.set` with an _iterator_ of values, header value validation was not performed, allowing malicious header values i...
Netty Netty
Debian Debian Linux 10.0
Debian Debian Linux 11.0
4.3
CVSSv3
CVE-2022-31684
Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is...
Pivotal Reactor Netty
5.9
CVSSv3
CVE-2020-5404
The HttpClient from Reactor Netty, versions 0.9.x before 0.9.5, and versions 0.8.x before 0.8.16, may be used incorrectly, leading to a credentials leak during a redirect to a different domain. In order for this to happen, the HttpClient must have been explicitly configured to fo...
Pivotal Reactor Netty
8.6
CVSSv3
CVE-2019-11284
Pivotal Reactor Netty, versions before 0.8.11, passes headers through redirects, including authorization ones. A remote unauthenticated malicious user may gain access to credentials for a different server than they have access to.
Pivotal Reactor Netty
7.5
CVSSv3
CVE-2023-34054
In Reactor Netty HTTP Server, versions 1.1.x before 1.1.13 and versions 1.0.x before 1.0.39, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable if Reactor Netty HTTP ...
Pivotal Reactor Netty
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injection
CVE-2024-30983
CVE-2023-4235
CVE-2024-21338
privilege
encryption
CVE-2023-4232
CVE-2024-31497
CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »