Vulnerability	Vulnerable Version
H Improper Handling of Highly Compressed Data (Data Amplification) io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework. Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the `HttpContentDecompressor` and `DelegatingDecompressorFrameListener` components when the `Content-Encoding` header is set to `br`, `zstd`, or `snappy`. An attacker can exhaust system memory and cause a denial of service by sending a highly compressed payload that decompresses to a very large size, bypassing the configured decompression limit. How to fix Improper Handling of Highly Compressed Data (Data Amplification)? Upgrade `io.netty:netty-codec-http2` to version 4.1.133.Final, 4.2.13.Final or higher.	[,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)

Improper Handling of Highly Compressed Data (Data Amplification)

io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework.

Affected versions of this package are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) in the HttpContentDecompressor and DelegatingDecompressorFrameListener components when the Content-Encoding header is set to br, zstd, or snappy. An attacker can exhaust system memory and cause a denial of service by sending a highly compressed payload that decompresses to a very large size, bypassing the configured decompression limit.

How to fix Improper Handling of Highly Compressed Data (Data Amplification)?

Upgrade io.netty:netty-codec-http2 to version 4.1.133.Final, 4.2.13.Final or higher.

[,4.1.133.Final)[4.2.0.Alpha1,4.2.13.Final)

Go back to all versions of this package