Skip to content

[CVE-2025-55163] HIGH: grpc-netty-shaded / netty-codec-http2 - HTTP/2 DDoS vulnerability #82

New issue
New issue
Open
Open
[CVE-2025-55163] HIGH: grpc-netty-shaded / netty-codec-http2 - HTTP/2 DDoS vulnerability#82
Labels
securitySecurity-related issuesvulnerabilityDependency vulnerability
@nthmost-orkes

Description

@nthmost-orkes
nthmost-orkes
opened on Feb 27, 2026

Vulnerability Report

Field Value
CVE CVE-2025-55163
Severity HIGH
Libraries io.grpc:grpc-netty-shaded (1.70.0), io.netty:netty-codec-http2 (4.1.118.Final)
Source workers.jar
Fixed Versions grpc-netty-shaded 1.75.0, netty-codec-http2 4.2.4.Final / 4.1.124.Final

Summary

Netty MadeYouReset HTTP/2 DDoS Vulnerability - affects both grpc-netty-shaded and netty-codec-http2.

References

Filed from container vulnerability scan of workers.jar

Metadata

Metadata

Assignees

No one assigned

    Labels

    securitySecurity-related issuesvulnerabilityDependency vulnerability

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions