VYPR

Maven package

io.netty/netty-codec-redis

pkg:maven/io.netty/netty-codec-redis

Vulnerabilities (2)

  • CVE-2026-48006HigJun 12, 2026
    affected >= 4.2.0.Final, < 4.2.15.Finalfixed 4.2.15.Final

    Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array

  • CVE-2026-42586MedMay 13, 2026
    affected >= 4.2.0.Alpha1, < 4.2.13.Finalfixed 4.2.13.Final

    Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\r\n) cha