Maven package
io.netty/netty-codec-redis
pkg:maven/io.netty/netty-codec-redis
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48006 | High | 7.5 | | >= 4.2.0.Final, < 4.2.15.Final | 4.2.15.Final | Jun 12, 2026 | Netty is a network application framework for development of protocol servers and clients. Prior to versions 4.1.135.Final and 4.2.15.Final, the RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array |
| CVE-2026-42586 | Medium | 6.8 | | >= 4.2.0.Alpha1, < 4.2.13.Final | 4.2.13.Final | May 13, 2026 | Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content directly to the network output buffer without validating or sanitizing CRLF (\r\n) cha |