Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporarily storing uploads on disk is enabled. On Unix-like systems, the temporary directory is shared between all users. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method "File.createTempFile" on Unix-like systems creates a file with a random name but, by default, creates it with the permissions "-rw-r--r--". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's "AbstractDiskHttpData", which is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, you may specify your own "java.io.tmpdir" when you start the JVM, or use "DefaultHttpDataFactory.setBaseDir(...)" to set the directory to something that is only readable by the current user.
[
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-077432d3",
"digest": {
"function_hash": "295684598244045391254762332110431192664",
"length": 1454.0
},
"target": {
"function": "newSelfSignedCertificate",
"file": "handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-187806c1",
"digest": {
"function_hash": "133390690123085264421336353560996163115",
"length": 1099.0
},
"target": {
"function": "testReadBytesAndWriteBytesWithFileChannel",
"file": "buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-1a89cd0a",
"digest": {
"function_hash": "317392731320759192325511046050366822622",
"length": 941.0
},
"target": {
"function": "setSetContentFromFileExceptionally",
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/DiskFileUploadTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-27b902c9",
"digest": {
"threshold": 0.9,
"line_hashes": [
"221366973025584276803400832204086000598",
"99205271989055815503500607188638397454",
"88602825141298783259763333960972401992",
"58683490782590862425257136216794392034",
"16240528039910742221039230118775744764",
"218815817825479445165122700601169241500",
"337957483584014053579398160533358138564",
"49908823716288788665607125509191653009"
]
},
"target": {
"file": "transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-2d9820ca",
"digest": {
"function_hash": "339408516633200945072977096187008892394",
"length": 1119.0
},
"target": {
"function": "testGetBytesAndSetBytesWithFileChannel",
"file": "buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-34104b21",
"digest": {
"threshold": 0.9,
"line_hashes": [
"269459795219174633564484238367942118267",
"167064665948132415659291216789706631302",
"74492544580087965690158599657703726013",
"204747621888568207166148439937244610246",
"20095078472078117724754541697559969336",
"155582360956253851897827105106038441361",
"218397100515757112374270675527890296482"
]
},
"target": {
"file": "common/src/main/java/io/netty/util/internal/PlatformDependent.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-36be63a5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"280209445171040317299829907558652670367",
"313267540279685891680314459415827989033",
"231712097763556443873453183266658438141",
"66113100530583193283599591554261082203"
]
},
"target": {
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/DiskFileUploadTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-46c58d27",
"digest": {
"function_hash": "20752352863578756335518417066903696304",
"length": 1593.0
},
"target": {
"function": "spliceToFile",
"file": "transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-63ffb191",
"digest": {
"function_hash": "77974683723598503167923879994683169736",
"length": 213.0
},
"target": {
"function": "newFile",
"file": "transport/src/test/java/io/netty/channel/DefaultFileRegionTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-6426120f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"273066779607041687924655959835423780555",
"143625064857469632595444750143443005767",
"305108930999052643837974718018704035009",
"118591198241955966064211567196413065503"
]
},
"target": {
"file": "common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-64900bda",
"digest": {
"threshold": 0.9,
"line_hashes": [
"75772215508019517270235628957438966889",
"142572101557014317136765141228994702983",
"23353278574766479736644108101764329623",
"283374030353294187812883443621319012800",
"231650875228290476209551628697021255191",
"149336387926437814357623816965540025176",
"327181023570581108520888782545216589705",
"105770916067198228512047387694437867578"
]
},
"target": {
"file": "testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-68a1d0a1",
"digest": {
"function_hash": "250375674370950188099888603953203136234",
"length": 864.0
},
"target": {
"function": "testFileRegionCountLargerThenFile",
"file": "testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-71b6314f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"74569062187796223899485979063125234537",
"26582672315655099853088358041451045283",
"31271734137625329791322397087397769963",
"298611047676455948116168060715078638677",
"148325554537981696872251782976356783178",
"256498375948381386043494933468041620526",
"283646181990085704394233497985536862478",
"298611047676455948116168060715078638677"
]
},
"target": {
"file": "buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-732f9826",
"digest": {
"threshold": 0.9,
"line_hashes": [
"252991143558514121005935545319267746296",
"101404408938846687366810754936779896196",
"236109391468231026271536366304466961019",
"2657712984660219999544162481638510750",
"44982175153299047301817761031778951053",
"122833983693213591435498462213732094923",
"284065453517556888980291185384472319560",
"25948760528623399977695556379917529005"
]
},
"target": {
"file": "handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-7b12a92b",
"digest": {
"function_hash": "246849731985799076138723663705634028248",
"length": 827.0
},
"target": {
"function": "testGetChunk",
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpDataTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-7b3a29bf",
"digest": {
"function_hash": "161024544670115321515883939794401273958",
"length": 2477.0
},
"target": {
"function": "load",
"file": "common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-854c9fce",
"digest": {
"threshold": 0.9,
"line_hashes": [
"14899090742751240400262947320233118238",
"142746964522976098152758555838848904521",
"177377157224302066983641973066517727445",
"234915269546471457105686939726465171629",
"167142576291982566639816061111896886219",
"172932842993738265079470346669759910430",
"184397237865659816941013081346419683226"
]
},
"target": {
"file": "transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-9b7af5ee",
"digest": {
"threshold": 0.9,
"line_hashes": [
"268885886391243981831444787227361221938",
"133980524984887425264703176300597070242",
"300673572801592270859024070327468245081",
"304251940734849884547876734095332473059"
]
},
"target": {
"file": "buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-9c83fe5d",
"digest": {
"function_hash": "177627463989417368959680388028868942891",
"length": 673.0
},
"target": {
"function": "testSetContentFromFile",
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-a38b8532",
"digest": {
"function_hash": "15502376741811687921632289189073556485",
"length": 423.0
},
"target": {
"function": "tempFile",
"file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-aa73e5fd",
"digest": {
"threshold": 0.9,
"line_hashes": [
"62985725149667727747964419647585038853",
"294311599676038881078269297537265362603",
"31559479192819924435465180336573327185",
"335065732922691617921381276840890378417"
]
},
"target": {
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpDataTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-aeb49dd1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"185210336263519967546090304702895498511",
"90374264491802833744898462321325505380",
"177676116226220609407249462676138492486",
"226493937101611337813351648277487647673",
"44982175153299047301817761031778951053",
"122833983693213591435498462213732094923",
"284065453517556888980291185384472319560",
"25948760528623399977695556379917529005"
]
},
"target": {
"file": "codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-b191955c",
"digest": {
"threshold": 0.9,
"line_hashes": [
"46255748621991509751224389293356501573",
"153840593863356436674952952747292980707",
"92094541933597550855359695117949420525",
"171600452635882931683029555733064458913",
"14309124654035316106867388473821102333",
"303560818103671179211314644948416860948",
"238490929957309547654940634517830440870",
"137564737632815557126727203091346824325",
"125097685693659360498638533568579560213",
"115082714905007365612171383663573507239"
]
},
"target": {
"file": "codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-bc88d36e",
"digest": {
"function_hash": "138432552387786739329793433652346567744",
"length": 816.0
},
"target": {
"function": "testRenameTo",
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-c6505721",
"digest": {
"function_hash": "225945559974801316469763203855258510785",
"length": 506.0
},
"target": {
"function": "beforeClass",
"file": "handler/src/test/java/io/netty/handler/traffic/FileRegionThrottleTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-c83f7f2a",
"digest": {
"function_hash": "165312999243004585005363029781348157707",
"length": 895.0
},
"target": {
"function": "testWrapMemoryMapped",
"file": "buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-cea768bf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"21185224205250863049137516840967148341",
"122106550924688096087327000397688726553",
"146766429746316096140664071572530333697",
"283374030353294187812883443621319012800"
]
},
"target": {
"file": "transport/src/test/java/io/netty/channel/DefaultFileRegionTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-cff01b53",
"digest": {
"function_hash": "289856055505396381353084554327392944141",
"length": 2762.0
},
"target": {
"function": "testFileRegion0",
"file": "testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-d2c4bf7f",
"digest": {
"threshold": 0.9,
"line_hashes": [
"191826684986620949446025733533152375134",
"132332118309381943872349701066672543822",
"297318031953878039265137777538167630352",
"213283888880769122829357242831781279234",
"188584693476633918249008217742135781052",
"103105849306680560436778935752193727287",
"229255527581203437930700022414372731223",
"300013309348704687579051427596703637527",
"120785853950431100409294329691144136923",
"142791160176691007916146744256913974539",
"202139655453783045308412754900298281989",
"90430648870466310586453335670671465632",
"105915229316210602047482481653596289631",
"67593662739416772608565511630403727899",
"25611685165630669706802591964042371056",
"235242649862161775663509560142015851258"
]
},
"target": {
"file": "handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-d58b8581",
"digest": {
"threshold": 0.9,
"line_hashes": [
"216108586046636497504743219409460314480",
"294311599676038881078269297537265362603",
"31559479192819924435465180336573327185",
"335065732922691617921381276840890378417",
"165218274741257001951976388995175750500",
"294311599676038881078269297537265362603",
"223252058065772507785604747959510790466",
"227067432686324644082691196276091339266"
]
},
"target": {
"file": "codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "CVE-2021-21290-d7f19254",
"digest": {
"threshold": 0.9,
"line_hashes": [
"213071548672507060252027898348047309520",
"137862258711070624767573842603716787966",
"307137884368767751922542967138107027705",
"175781335838155413178614448230459348520",
"208302254308879896800134712328596899709",
"264337158096178366760555043909457978078",
"142702375422995247752769303898643558662",
"15525868939370147550757668641082336672"
]
},
"target": {
"file": "handler/src/test/java/io/netty/handler/traffic/FileRegionThrottleTest.java"
}
},
{
"source": "https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"id": "CVE-2021-21290-f36ef78d",
"digest": {
"function_hash": "317870465466781611295968114635425646062",
"length": 309.0
},
"target": {
"function": "newSocketAddress",
"file": "transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java"
}
}
]