{"package":"io.netty:netty-all","ecosystem":"maven","latest_version":"5.0.0.Alpha2","description":"Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers and clients.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"http://netty.io/","repository":"https://github.com/netty/netty","downloads_weekly":321464,"health":{"score":47,"risk":"high","breakdown":{"maintenance":0,"popularity":14,"security":18,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":2,"critical":0,"high":1,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2014-0193","severity":"medium","summary":"Netty denial of service vulnerability","affected_versions":">=3.6.0.Beta1,<3.6.9.Final|>=3.7.0.Final,<3.7.1.Final|>=3.8.0.Final,<3.8.2.Final|>=3.9.0.Final,<3.9.1.Final|>=4.0.0.Alpha1,<4.0.19.Final|>=4.0.0.Alpha1,<4.0.19.Final|=3.6.0.Beta1|=3.6.0.Final|=3.6.1.Final|=3.6.2.Final|=3.6.3.Final|=3.6.4.Final|=3.6.5.Final|=3.6.6.Final|=3.6.7.Final|=3.6.8.Final|=3.7.0.Final|=3.8.0.Final|=3.8.1.Final|=3.9.0.Final|=4.0.0.Alpha1|=4.0.0.Alpha2|=4.0.0.Alpha3|=4.0.0.Alpha4|=4.0.0.Alpha5|=4.0.0.Alpha6|=4.0.0.Alpha7|=4.0.0.Alpha8|=4.0.0.Beta1|=4.0.0.Beta2|=4.0.0.Beta3|=4.0.0.CR1|=4.0.0.CR2|=4.0.0.CR3|=4.0.0.CR4|=4.0.0.CR5|=4.0.0.CR6|=4.0.0.CR7|=4.0.0.CR8|=4.0.0.CR9|=4.0.0.Final|=4.0.1.Final|=4.0.10.Final|=4.0.11.Final|=4.0.12.Final|=4.0.13.Final|=4.0.14.Beta1|=4.0.14.Final|=4.0.15.Final|=4.0.16.Final|=4.0.17.Final|=4.0.18.Final|=4.0.2.Final|=4.0.3.Final|=4.0.4.Final|=4.0.5.Final|=4.0.6.Final|=4.0.7.Final|=4.0.8.Final|=4.0.9.Final","fixed_version":"4.0.19.Final","source":"osv","published_at":"2022-05-13T01:54:02Z","in_kev":false,"epss_prob":0.04075,"epss_percentile":0.88581,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-16869","severity":"high","summary":"HTTP Request Smuggling in Netty","affected_versions":">=4.0.0.Alpha1,<4.1.42.Final|=4.0.0.Beta1|=4.0.0.Beta2|=4.0.0.Beta3|=4.0.0.CR1|=4.0.0.CR2|=4.0.0.CR3|=4.0.0.CR4|=4.0.0.CR5|=4.0.0.CR6|=4.0.0.CR7|=4.0.0.CR8|=4.0.0.CR9|=4.0.0.Final|=4.0.1.Final|=4.0.10.Final|=4.0.11.Final|=4.0.12.Final|=4.0.13.Final|=4.0.14.Beta1|=4.0.14.Final|=4.0.15.Final|=4.0.16.Final|=4.0.17.Final|=4.0.18.Final|=4.0.19.Final|=4.0.2.Final|=4.0.20.Final|=4.0.21.Final|=4.0.22.Final|=4.0.23.Final|=4.0.24.Final|=4.0.25.Final|=4.0.26.Final|=4.0.27.Final|=4.0.28.Final|=4.0.29.Final|=4.0.3.Final|=4.0.30.Final|=4.0.31.Final|=4.0.32.Final|=4.0.33.Final|=4.0.34.Final|=4.0.35.Final|=4.0.36.Final|=4.0.37.Final|=4.0.38.Final|=4.0.39.Final|=4.0.4.Final|=4.0.40.Final|=4.0.41.Final|=4.0.42.Final|=4.0.43.Final|=4.0.44.Final|=4.0.45.Final|=4.0.46.Final|=4.0.47.Final|=4.0.48.Final|=4.0.49.Final|=4.0.5.Final|=4.0.50.Final|=4.0.51.Final|=4.0.52.Final|=4.0.53.Final|=4.0.54.Final|=4.0.55.Final|=4.0.56.Final|=4.0.6.Final|=4.0.7.Final|=4.0.8.Final|=4.0.9.Final|=4.1.0.Beta1|=4.1.0.Beta2|=4.1.0.Beta3|=4.1.0.Beta4|=4.1.0.Beta5|=4.1.0.Beta6|=4.1.0.Beta7|=4.1.0.Beta8|=4.1.0.CR1|=4.1.0.CR2|=4.1.0.CR3|=4.1.0.CR4|=4.1.0.CR5|=4.1.0.CR6|=4.1.0.CR7|=4.1.0.Final|=4.1.1.Final|=4.1.10.Final|=4.1.11.Final|=4.1.12.Final|=4.1.13.Final|=4.1.14.Final|=4.1.15.Final|=4.1.16.Final|=4.1.17.Final|=4.1.18.Final|=4.1.19.Final|=4.1.2.Final|=4.1.20.Final|=4.1.21.Final|=4.1.22.Final|=4.1.23.Final|=4.1.24.Final|=4.1.25.Final|=4.1.26.Final|=4.1.27.Final|=4.1.28.Final|=4.1.29.Final|=4.1.3.Final|=4.1.30.Final|=4.1.31.Final|=4.1.32.Final|=4.1.33.Final|=4.1.34.Final|=4.1.35.Final|=4.1.36.Final|=4.1.37.Final|=4.1.38.Final|=4.1.39.Final|=4.1.4.Final|=4.1.40.Final|=4.1.41.Final|=4.1.5.Final|=4.1.6.Final|=4.1.7.Final|=4.1.8.Final|=4.1.9.Final|=3.0.0.CR1|=3.0.0.CR2|=3.0.0.CR3|=3.0.0.CR4|=3.0.0.CR5|=3.0.0.GA|=3.0.1.GA|=3.0.2.GA|=3.1.0.ALPHA1|=3.1.0.ALPHA2|=3.1.0.ALPHA3|=3.1.0.ALPHA4|=3.1.0.BETA1|=3.1.0.BETA2|=3.1.0.BETA3|=3.1.0.CR1|=3.1.0.GA|=3.1.1.GA|=3.1.2.GA|=3.1.3.GA|=3.1.4.GA|=3.1.5.GA|=3.2.0.ALPHA1|=3.2.0.ALPHA2|=3.2.0.ALPHA3|=3.2.0.ALPHA4|=3.2.0.BETA1|=3.2.0.CR1|=3.2.0.Final|=3.2.1.Final|=3.2.10.Final|=3.2.2.Final|=3.2.3.Final|=3.2.4.Final|=3.2.5.Final|=3.2.6.Final|=3.2.7.Final|=3.2.8.Final|=3.2.9.Final","fixed_version":"4.1.42.Final","source":"osv","published_at":"2019-10-11T18:41:23Z","in_kev":false,"epss_prob":0.04028,"epss_percentile":0.88523,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"5.0.0.Alpha2","total_count":221,"recent":["4.2.1.Final","4.1.121.Final","4.1.120.Final","4.2.0.Final","4.2.0.RC4","4.1.119.Final","4.2.0.RC3","4.1.118.Final","4.2.0.RC2","4.1.117.Final","4.1.116.Final","4.2.0.RC1","4.1.115.Final","4.2.0.Beta1","4.2.0.Alpha5","4.1.114.Final","4.2.0.Alpha4","4.1.113.Final","4.2.0.Alpha3","4.1.112.Final"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":null,"last_published":"2015-03-03T16:19:00+00:00","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"update_required","issues":["1 high severity vulnerabilities"],"use_version":"5.0.0.Alpha2","version_hint":"Update to >= 4.1.42.Final to fix known vulnerabilities","summary":"io.netty:netty-all@5.0.0.Alpha2 has vulnerabilities — update to latest"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":1180,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":true,"bus_factor_3m":21,"active_contributors_12m":21,"primary_author_ratio":0.45,"owner_account_age_days":5642,"is_archived":false,"stars":34919,"alerts":[]},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"co_used_with":[{"package":"org.springframework.cloud:spring-cloud-commons","occurrences":2}],"version_history_summary":{"total_versions":21,"first_release_age_days":4621,"last_release_days_ago":4077,"avg_days_between_releases":231,"release_velocity":"stale"}}