[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-58056":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T20:55:33.689Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":27,"aliases":37,"duplicate_of":9,"upstream":39,"downstream":40,"duplicates":59,"related":60,"reserved_at":9,"published_at":167,"modified_at":168,"state":169,"summary":170,"references_raw":178,"kevs":233,"epss":234,"epss_history":237,"metrics":510,"affected":523},"CVE-2025-58056","Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a chunk-size line terminator, regardless of a preceding carriage return (CR), instead of requiring CRLF per HTTP/1.1 standards. When combined with reverse proxies that parse LF differently (treating it as part of the chunk extension), attackers can craft requests that the proxy sees as one request but Netty processes as two, enabling request smuggling attacks. This is fixed in versions 4.1.125.Final and 4.2.5.Final.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-444","Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')","The product acts as an intermediary HTTP agent\n         (such as a proxy or firewall) in the data flow between two\n         entities such as a client and server, but it does not\n         interpret malformed HTTP requests or responses in ways that\n         are consistent with how the messages will be processed by\n         those entities that are at the ultimate destination.","weakness","Incomplete","Base",[19,23],{"id":20,"name":21,"techniques":22},"CAPEC-273","HTTP Response Smuggling",[],{"id":24,"name":25,"techniques":26},"CAPEC-33","HTTP Request Smuggling",[],[28],{"_key":29,"name":30,"source":31,"url":32,"maturity":33,"reliability_score":34,"verified":35,"type":9,"platforms":36,"requires_auth":9,"exploitdb":9,"metasploit":9},"GITHUB_NETTY_NETTY","Netty","github","https://github.com/netty/netty/issues/2562","poc",0.3,false,[],[38],"GHSA-fghv-69vj-qj49",[],[41,43,45,47,49,51,53,55,57],{"_key":42},"UBUNTU-CVE-2025-58056",{"_key":44},"SUSE-SU-2025:03114-1",{"_key":46},"DSA-6160-1",{"_key":48},"OPENSUSE-SU-2025:15520-1",{"_key":50},"DLA-4519-1",{"_key":52},"USN-7918-1",{"_key":54},"DEBIAN-CVE-2025-58056",{"_key":56},"RHSA-2025:17298",{"_key":58},"RHSA-2025:17317",[],[61,62,63,65,67,69,71,73,75,77,79,81,83,85,87,89,91,93,95,97,99,101,103,105,107,109,111,113,115,117,119,121,123,125,127,129,131,133,135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165],{"_key":44},{"_key":48},{"_key":64},"CGA-43GX-4JCF-CR8C",{"_key":66},"CGA-6HRV-VPJ4-F67F",{"_key":68},"CGA-PPQ8-62FF-85Q8",{"_key":70},"CGA-2PM8-RCWR-Q5FV",{"_key":72},"CGA-2RG8-CVQ4-V6QX",{"_key":74},"CGA-2X72-CHWF-H9PP",{"_key":76},"CGA-3R78-54M8-X85P",{"_key":78},"CGA-3XCP-M2VP-FF97",{"_key":80},"CGA-488J-8QJF-X6JX",{"_key":82},"CGA-4WF6-JF64-RJ58",{"_key":84},"CGA-52VJ-6V7V-2782",{"_key":86},"CGA-57PP-WR8G-972F",{"_key":88},"CGA-58R8-2MHQ-HXC8",{"_key":90},"CGA-5CMG-MJ3P-22RM",{"_key":92},"CGA-64F9-HHC2-927M",{"_key":94},"CGA-6JMX-8VQ2-XFGR",{"_key":96},"CGA-886C-PH34-FQJ9",{"_key":98},"CGA-8947-4CJV-4W4R",{"_key":100},"CGA-8J78-2PM4-QQHQ",{"_key":102},"CGA-958Q-9FW5-HX7F",{"_key":104},"CGA-97P8-FJRW-4JM9",{"_key":106},"CGA-97VJ-99Q7-6JRX",{"_key":108},"CGA-9972-86WH-C67W",{"_key":110},"CGA-9CJG-9GR7-5Q7V",{"_key":112},"CGA-9QMW-4XPH-7JGC",{"_key":114},"CGA-9WPH-5MR2-77CC",{"_key":116},"CGA-C7RQ-FFJ6-8VG9",{"_key":118},"CGA-CJV4-Q4C5-R6FH",{"_key":120},"CGA-CPMH-H463-VGC8",{"_key":122},"CGA-F6X9-GW43-494W",{"_key":124},"CGA-G59F-VRMH-WXFP",{"_key":126},"CGA-GHQH-93J2-2G5M",{"_key":128},"CGA-GRCC-QX94-3J9G",{"_key":130},"CGA-H366-V7F3-6FCP",{"_key":132},"CGA-H4QJ-8MGG-HR88",{"_key":134},"CGA-HRFG-29QR-M79H",{"_key":136},"CGA-JHRM-M6R7-4243",{"_key":138},"CGA-JR3Q-9MPW-X288",{"_key":140},"CGA-JXM7-49MR-VJ73",{"_key":142},"CGA-P695-6PCF-24WH",{"_key":144},"CGA-P6W4-9R49-F5M4",{"_key":146},"CGA-PGMG-CGRG-GVPC",{"_key":148},"CGA-PR2J-648F-86CJ",{"_key":150},"CGA-Q93H-R827-V9H9",{"_key":152},"CGA-QMX6-MH4W-GV69",{"_key":154},"CGA-QW3H-36CM-5F29",{"_key":156},"CGA-WJ9G-862C-XFXX",{"_key":158},"CGA-WRC7-7V3Q-P6RX",{"_key":160},"CGA-X4J8-6PXV-XJ39",{"_key":162},"CGA-X9WP-GC38-V6XR",{"_key":164},"CGA-XQ6V-6768-R946",{"_key":166},"CGA-M69W-WRPW-2FJG","2025-09-03T20:56:50.732Z","2025-09-05T18:41:21.428Z","Analyzed",{"cisa_kev":35,"cisa_ransomware":35,"cisa_vendor":9,"epss_severity":171,"epss_score":172,"severity":173,"severity_score":174,"severity_version":175,"severity_source":176,"severity_vector":177,"severity_status":169},"low",0.00097,"high",7.5,"v3.1","nvd","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",[179,189,196,200,205,209,214,219,224,228],{"url":180,"sources":181,"tags":184},"https://github.com/netty/netty/security/advisories/GHSA-fghv-69vj-qj49",[182,176,183],"cve.org","osv_maven",[185,186,187,188],"X Refsource CONFIRM","Exploit","Vendor Advisory","WEB",{"url":190,"sources":191,"tags":192},"https://github.com/JLLeitschuh/unCVEed/issues/1",[182,176,183],[193,194,195,188],"X Refsource MISC","Issue Tracking","Third Party Advisory",{"url":197,"sources":198,"tags":199},"https://github.com/netty/netty/issues/15522",[182,176,183],[193,194,188],{"url":201,"sources":202,"tags":203},"https://github.com/netty/netty/pull/15611",[182,176,183],[193,194,204,188],"Patch",{"url":206,"sources":207,"tags":208},"https://github.com/netty/netty/commit/edb55fd8e0a3bcbd85881e423464f585183d1284",[182,176,183],[193,204,188],{"url":210,"sources":211,"tags":212},"https://datatracker.ietf.org/doc/html/rfc9112#name-chunked-transfer-coding",[182,176,183],[193,213,188],"Technical Description",{"url":215,"sources":216,"tags":217},"https://w4ke.info/2025/06/18/funky-chunks.html",[182,176,183],[193,218,188],"Broken Link",{"url":220,"sources":221,"tags":222},"https://nvd.nist.gov/vuln/detail/CVE-2025-58056",[183],[223],"Advisory",{"url":225,"sources":226,"tags":227},"https://github.com/github/advisory-database/pull/6092",[183],[188],{"url":229,"sources":230,"tags":231},"https://github.com/netty/netty",[183],[232],"PACKAGE",[],{"date":235,"score":172,"percentile":236},"2026-06-05",0.26816,[238,242,245,248,251,254,256,260,263,266,269,272,275,278,280,284,287,290,293,296,299,302,305,308,311,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,371,374,377,380,383,386,389,392,395,398,401,403,406,409,412,415,418,422,426,429,432,435,438,441,444,447,450,453,456,459,462,465,468,471,474,477,480,483,486,489,492,494,497,500,503,507],{"date":239,"score":240,"percentile":241},"2025-11-04",0.00026,0.05968,{"date":243,"score":240,"percentile":244},"2025-11-05",0.05987,{"date":246,"score":240,"percentile":247},"2025-11-06",0.06104,{"date":249,"score":240,"percentile":250},"2025-11-07",0.06112,{"date":252,"score":240,"percentile":253},"2025-11-08",0.06119,{"date":255,"score":240,"percentile":250},"2025-11-09",{"date":257,"score":258,"percentile":259},"2025-11-10",0.00028,0.06521,{"date":261,"score":258,"percentile":262},"2025-11-11",0.06548,{"date":264,"score":258,"percentile":265},"2025-11-12",0.06588,{"date":267,"score":258,"percentile":268},"2025-11-13",0.06624,{"date":270,"score":258,"percentile":271},"2025-11-14",0.06651,{"date":273,"score":258,"percentile":274},"2025-11-15",0.0668,{"date":276,"score":258,"percentile":277},"2025-11-16",0.06691,{"date":279,"score":258,"percentile":277},"2025-11-17",{"date":281,"score":282,"percentile":283},"2025-11-18",0.00065,0.15976,{"date":285,"score":282,"percentile":286},"2025-11-19",0.15986,{"date":288,"score":282,"percentile":289},"2025-11-20",0.1597,{"date":291,"score":258,"percentile":292},"2025-11-21",0.06816,{"date":294,"score":258,"percentile":295},"2025-11-22",0.06804,{"date":297,"score":258,"percentile":298},"2025-11-23",0.06787,{"date":300,"score":258,"percentile":301},"2025-11-24",0.06767,{"date":303,"score":258,"percentile":304},"2025-11-25",0.06769,{"date":306,"score":258,"percentile":307},"2025-11-26",0.06772,{"date":309,"score":258,"percentile":310},"2025-11-27",0.06768,{"date":312,"score":313,"percentile":314},"2025-11-28",0.00024,0.05481,{"date":316,"score":313,"percentile":317},"2025-11-29",0.05524,{"date":319,"score":313,"percentile":320},"2025-11-30",0.05523,{"date":322,"score":258,"percentile":323},"2025-12-01",0.06844,{"date":325,"score":258,"percentile":326},"2025-12-02",0.06854,{"date":328,"score":258,"percentile":329},"2025-12-03",0.06868,{"date":331,"score":313,"percentile":332},"2025-12-04",0.05604,{"date":334,"score":313,"percentile":335},"2025-12-05",0.05669,{"date":337,"score":313,"percentile":338},"2025-12-06",0.05681,{"date":340,"score":313,"percentile":341},"2025-12-07",0.05676,{"date":343,"score":313,"percentile":344},"2025-12-08",0.05671,{"date":346,"score":313,"percentile":347},"2025-12-09",0.05714,{"date":349,"score":313,"percentile":350},"2025-12-10",0.05787,{"date":352,"score":313,"percentile":353},"2025-12-11",0.05783,{"date":355,"score":313,"percentile":356},"2025-12-12",0.05813,{"date":358,"score":313,"percentile":359},"2025-12-13",0.05852,{"date":361,"score":313,"percentile":362},"2025-12-14",0.05824,{"date":364,"score":313,"percentile":362},"2025-12-15",{"date":366,"score":313,"percentile":367},"2025-12-16",0.05841,{"date":369,"score":313,"percentile":370},"2025-12-17",0.05905,{"date":372,"score":313,"percentile":373},"2025-12-18",0.05952,{"date":375,"score":313,"percentile":376},"2025-12-19",0.05938,{"date":378,"score":313,"percentile":379},"2025-12-20",0.05931,{"date":381,"score":313,"percentile":382},"2025-12-21",0.05921,{"date":384,"score":313,"percentile":385},"2025-12-22",0.05889,{"date":387,"score":313,"percentile":388},"2025-12-23",0.05897,{"date":390,"score":313,"percentile":391},"2025-12-24",0.05932,{"date":393,"score":313,"percentile":394},"2025-12-25",0.05965,{"date":396,"score":313,"percentile":397},"2025-12-26",0.05963,{"date":399,"score":313,"percentile":400},"2025-12-27",0.05957,{"date":402,"score":313,"percentile":400},"2025-12-28",{"date":404,"score":313,"percentile":405},"2025-12-29",0.0594,{"date":407,"score":313,"percentile":408},"2025-12-30",0.05947,{"date":410,"score":313,"percentile":411},"2025-12-31",0.05984,{"date":413,"score":258,"percentile":414},"2026-01-01",0.07293,{"date":416,"score":258,"percentile":417},"2026-01-02",0.07289,{"date":419,"score":420,"percentile":421},"2026-01-03",0.0003,0.08312,{"date":423,"score":424,"percentile":425},"2026-01-04",0.00027,0.068,{"date":427,"score":424,"percentile":428},"2026-01-05",0.06754,{"date":430,"score":424,"percentile":431},"2026-01-06",0.06748,{"date":433,"score":424,"percentile":434},"2026-01-07",0.06773,{"date":436,"score":424,"percentile":437},"2026-01-08",0.0683,{"date":439,"score":424,"percentile":440},"2026-01-09",0.06847,{"date":442,"score":424,"percentile":443},"2026-01-10",0.06881,{"date":445,"score":424,"percentile":446},"2026-01-11",0.06869,{"date":448,"score":424,"percentile":449},"2026-01-12",0.06838,{"date":451,"score":424,"percentile":452},"2026-01-13",0.06827,{"date":454,"score":424,"percentile":455},"2026-01-14",0.0694,{"date":457,"score":424,"percentile":458},"2026-01-15",0.06947,{"date":460,"score":424,"percentile":461},"2026-01-16",0.0696,{"date":463,"score":424,"percentile":464},"2026-01-17",0.06974,{"date":466,"score":424,"percentile":467},"2026-01-18",0.06949,{"date":469,"score":424,"percentile":470},"2026-01-19",0.06904,{"date":472,"score":424,"percentile":473},"2026-01-20",0.06864,{"date":475,"score":424,"percentile":476},"2026-01-21",0.06859,{"date":478,"score":424,"percentile":479},"2026-01-22",0.06836,{"date":481,"score":424,"percentile":482},"2026-01-23",0.06901,{"date":484,"score":424,"percentile":485},"2026-01-24",0.06958,{"date":487,"score":424,"percentile":488},"2026-01-25",0.06935,{"date":490,"score":424,"percentile":491},"2026-01-26",0.06915,{"date":493,"score":424,"percentile":482},"2026-01-27",{"date":495,"score":424,"percentile":496},"2026-01-28",0.06878,{"date":498,"score":424,"percentile":499},"2026-01-29",0.06874,{"date":501,"score":240,"percentile":502},"2026-01-30",0.06664,{"date":504,"score":505,"percentile":506},"2026-01-31",0.00025,0.06225,{"date":508,"score":505,"percentile":509},"2026-02-01",0.06271,[511,516],{"source":182,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":512},{"baseScore":513,"baseSeverity":514,"vectorString":515,"impactScore":9,"exploitabilityScore":9},2.9,"LOW","CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",{"source":176,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":517,"cvss_v4_0":521},{"baseScore":174,"baseSeverity":518,"vectorString":177,"impactScore":519,"exploitabilityScore":520},"HIGH",6,10,{"baseScore":513,"baseSeverity":514,"vectorString":522,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[524,542],{"ecosystem":525,"name":526,"vendor":527,"product":528,"cpe_part":9,"purl_type":529,"purl_namespace":527,"purl_name":528,"source":9,"versions":530},"Maven","io.netty:netty-codec-http","io.netty","netty-codec-http","maven",[531,537],{"version":532,"is_range":533,"range_type":534,"version_start":9,"version_start_type":9,"version_end":535,"version_end_type":536,"fixed_in":9},"lt4_1_125_Final",true,"ecosystem","4.1.125.Final","excluding",{"version":538,"is_range":533,"range_type":534,"version_start":539,"version_start_type":540,"version_end":541,"version_end_type":536,"fixed_in":9},"gte4_2_0_Alpha1_lt4_2_5_Final","4.2.0.Alpha1","including","4.2.5.Final",{"ecosystem":9,"name":543,"vendor":543,"product":543,"cpe_part":544,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":545},"netty","a",[546,549,551,555],{"version":547,"is_range":533,"range_type":182,"version_start":548,"version_start_type":540,"version_end":541,"version_end_type":536,"fixed_in":9},">= 4.2.0.Alpha3, \u003C 4.2.5.Final","4.2.0.Alpha3",{"version":550,"is_range":533,"range_type":182,"version_start":9,"version_start_type":9,"version_end":535,"version_end_type":536,"fixed_in":9},"\u003C= 4.1.124.Final, \u003C 4.1.125.Final",{"version":552,"is_range":533,"range_type":553,"version_start":9,"version_start_type":9,"version_end":554,"version_end_type":536,"fixed_in":9},"lt4.1.125","cpe","4.1.125",{"version":556,"is_range":533,"range_type":553,"version_start":557,"version_start_type":540,"version_end":558,"version_end_type":536,"fixed_in":9},"gte4.2.0_lt4.2.5","4.2.0","4.2.5"]