CNNVD-202512-3127 Information

CNNVD ID

CNNVD-202512-3127

CVE-2025-67735

  • CNNVD Published: 2025-12-16

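Description (translated from Chinese)

Netty is a non-blocking I/O client-server framework from the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty versions before 4.1.129.Final and before 4.2.8.Final contain an injection vulnerability, which stems from a CRLF injection issue in HttpRequestEncoder and may lead to request smuggling attacks.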

Description (English)

Netty is a non-blocking I/O client-server framework from the Netty community, used mainly to develop Java network applications such as protocol servers and clients. Netty versions before 4.1.129.Final and before 4.2.8.Final contain an injection vulnerability.

Hazard Level

High

Vulnerability Type

Injection

Affected Vendor

Netty

Published

2025-12-16

Last Modified

2026-02-24

References

https://github.com/netty/netty/security/advisories/GHSA-84h7-rjj3-6jx4

https://www.oracle.com/security-alerts/cpujan2026.html

Patch

https://netty.io/downloads.html
