io.netty:netty-codec-http2@4.1.31.Final vulnerabilities
- latest version: 4.1.109.Final
- latest non vulnerable version:
- first published: 9 years ago
- latest version published: a month ago
- licenses detected: [4.1.0.Beta4,)
- package manager:

Direct Vulnerabilities
Known vulnerabilities in the io.netty:netty-codec-http2 package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version |
---|---|
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation. How to fix Denial of Service (DoS)? Upgrade | [,4.1.100.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to HTTP Request Smuggling. The content-length header is not correctly validated if the request only uses a single How to fix HTTP Request Smuggling? Upgrade | [,4.1.61.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to HTTP Request Smuggling. If a Content-Length header is present in the original HTTP/2 request, the field is not validated by An additional case of this vulnerability was fixed in 4.1.61.Final (CVE-2021-21409). How to fix HTTP Request Smuggling? Upgrade | [,4.1.60.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Denial of Service (DoS). A Netty-based HTTP/2 server could be forced to consume substantial CPU resources by sending it an unbounded sequence of empty DATA frames that do not have END_STREAM set on them. How to fix Denial of Service (DoS)? Upgrade | [,4.1.39.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Denial of Service (DoS). A Netty-based HTTP/2 server can be forced to buffer unbounded amounts of memory when flooded with control frames that require an automatic response. How to fix Denial of Service (DoS)? Upgrade | [,4.1.39.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Denial of Service (DoS). A Netty-based HTTP/2 server can be forced to buffer unbounded amounts of memory when flooded with control frames that require an automatic response. How to fix Denial of Service (DoS)? Upgrade | [,4.1.39.Final) |
io.netty:netty-codec-http2 is an HTTP2 sub-package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Denial of Service (DoS). A Netty-based HTTP/2 server can be forced to buffer unbounded amounts of memory when flooded with control frames that require an automatic response. How to fix Denial of Service (DoS)? Upgrade | [,4.1.39.Final) |