[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2025:4489-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-06T02:55:33.997Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":16,"duplicates":17,"related":18,"reserved_at":9,"published_at":20,"modified_at":21,"state":9,"summary":22,"references_raw":24,"kevs":42,"epss":9,"epss_history":43,"metrics":44,"affected":45},"SUSE-SU-2025:4489-1","Security update for netty\n\nThis update for netty fixes the following issues:\n\nUpdate to upstream version 4.1.130.\n\nSecurity issues fixed:\n\n- CVE-2025-67735: lack of URI sanitization in `HttpRequestEncoder` allows for CRLF injection through a request URI and\n  can lead to request smuggling (bsc#1255048).\n\nOther updates and bugfixes:\n\n- Version 4.1.130:\n  * Update `lz4-java` version to 1.10.1\n  * Close `Channel` and fail bootstrap when setting a `ChannelOption` causes an error\n  * Discard the following `HttpContent` for preflight request\n  * Fix race condition in `NonStickyEventExecutorGroup` causing incorrect `inEventLoop()` results\n  * Fix Zstd compression for large data\n  * Fix `ZstdEncoder` not producing data when source is smaller than block\n  * Make big endian ASCII hashcode consistent with little endian\n  * Fix reentrancy bug in `ByteToMessageDecoder`\n  * Add 32k and 64k size classes to adaptive allocator\n  * Re-enable reflective field accesses in native images\n  * Correct HTTP/2 padding length check\n  * Fix HTTP startline validation\n  * Fix `MpscIntQueue` bug\n\n- Build against the `org.jboss:jdk-misc` artifact that is implementing the `sun.misc` classes removed in Java 25\n",null,[],[],[],[14],{"_key":15},"CVE-2025-67735",[],[],[19],{"_key":15},"2025-12-19T11:01:56Z","2026-03-23T04:51:35.829794Z",{"cisa_kev":23,"cisa_ransomware":23,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[25,32,37],{"url":26,"sources":27,"tags":30},"https://www.suse.com/support/update/announcement/2025/suse-su-20254489-1/",[28,29],"osv_suse","osv_opensuse",[31],"Advisory",{"url":33,"sources":34,"tags":35},"https://bugzilla.suse.com/1255048",[28,29],[36],"REPORT",{"url":38,"sources":39,"tags":40},"https://www.suse.com/security/cve/CVE-2025-67735",[28,29],[41],"WEB",[],[],[],[46,59],{"ecosystem":47,"name":48,"vendor":49,"product":50,"cpe_part":9,"purl_type":51,"purl_namespace":49,"purl_name":50,"source":9,"versions":52},"openSUSE","netty","opensuse","netty&distro=openSUSE Leap 15.6","rpm",[53],{"version":54,"is_range":55,"range_type":56,"version_start":9,"version_start_type":9,"version_end":57,"version_end_type":58,"fixed_in":9},"lt4_1_130_150200_4_40_1",true,"ecosystem","4.1.130-150200.4.40.1","excluding",{"ecosystem":60,"name":48,"vendor":61,"product":62,"cpe_part":9,"purl_type":51,"purl_namespace":61,"purl_name":62,"source":9,"versions":63},"SUSE Linux Enterprise","suse","netty&distro=SUSE Linux Enterprise Module for Package Hub 15 SP7",[64],{"version":54,"is_range":55,"range_type":56,"version_start":9,"version_start_type":9,"version_end":57,"version_end_type":58,"fixed_in":9}]