{"id":"CVE-2021-21290","details":"Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty before version 4.1.59.Final there is a vulnerability on Unix-like systems involving an insecure temp file. When netty's multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. On unix-like systems, the temporary directory is shared between all user. As such, writing to this directory using APIs that do not explicitly set the file/directory permissions can lead to information disclosure. Of note, this does not impact modern MacOS Operating Systems. The method \"File.createTempFile\" on unix-like systems creates a random file, but, by default will create this file with the permissions \"-rw-r--r--\". Thus, if sensitive information is written to this file, other local users can read this information. This is the case in netty's \"AbstractDiskHttpData\" is vulnerable. This has been fixed in version 4.1.59.Final. As a workaround, one may specify your own \"java.io.tmpdir\" when you start the JVM or use \"DefaultHttpDataFactory.setBaseDir(...)\" to set the directory to something that is only readable by the current user.","aliases":["GHSA-5mcr-gq6c-3hq2"],"modified":"2026-04-16T04:39:20.801141044Z","published":"2021-02-08T20:15:12.433Z","related":["CGA-p34x-vp8g-rrr7","GHSA-5mcr-gq6c-3hq2","SUSE-SU-2022:1271-1","SUSE-SU-2022:3617-1","SUSE-SU-2022:3760-1","SUSE-SU-2022:3793-1","openSUSE-SU-2024:11085-1"],"references":[{"type":"WEB","url":"https://lists.apache.org/thread.html/r71dbb66747ff537640bb91eb0b2b24edef21ac07728097016f58b01f%40%3Ccommits.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r7bb3cdc192e9a6f863d3ea05422f09fa1ae2b88d4663e63696ee7ef5%40%3Cdev.ranger.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r9924ef9357537722b28d04c98a189750b80694a19754e5057c34ca48%40%3Ccommits.pulsar.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra503756ced78fdc2136bd33e87cb7553028645b261b1f5c6186a121e%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc488f80094872ad925f0c73d283d4c00d32def81977438e27a3dc2bb%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0053443ce19ff125981559f8c51cf66e3ab4350f47812b8cf0733a05%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r4efed2c501681cb2e8d629da16e48d9eac429624fd4c9a8c6b8e7020%40%3Cdev.tinkerpop.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r743149dcc8db1de473e6bff0b3ddf10140a7357bc2add75f7d1fbb12%40%3Cdev.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r10308b625e49d4e9491d7e079606ca0df2f0a4d828f1ad1da64ba47b%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2936730ef0a06e724b96539bc7eacfcd3628987c16b1b99c790e7b87%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2fda4dab73097051977f2ab818f75e04fbcb15bb1003c8530eac1059%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5bf303d7c04da78f276765da08559fdc62420f1df539b277ca31f63b%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r790c2926efcd062067eb18fde2486527596d7275381cfaff2f7b3890%40%3Cissues.bookkeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb06c1e766aa45ee422e8261a8249b561784186483e8f742ea627bda4%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r02e467123d45006a1dda20a38349e9c74c3a4b53e2e07be0939ecb3f%40%3Cdev.ranger.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r2748097ea4b774292539cf3de6e3b267fc7a88d6c8ec40f4e2e87bd4%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r59bac5c09f7a4179b9e2460e8f41c278aaf3b9a21cc23678eb893e41%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5e66e286afb5506cdfe9bbf68a323e8d09614f6d1ddc806ed0224700%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb51d6202ff1a773f96eaa694b7da4ad3f44922c40b3d4e1a19c2f325%40%3Ccommits.pulsar.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rdba4f78ac55f803893a1a2265181595e79e3aa027e2e651dfba98c18%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r1908a34b9cc7120e5c19968a116ddbcffea5e9deb76c2be4fa461904%40%3Cdev.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r326ec431f06eab7cb7113a7a338e59731b8d556d05258457f12bac1b%40%3Cdev.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r0857b613604c696bf9743f0af047360baaded48b1c75cf6945a083c5%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5e4a540089760c8ecc2c411309d74264f1dad634ad93ad583ca16214%40%3Ccommits.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rc0087125cb15b4b78e44000f841cd37fefedfda942fd7ddf3ad1b528%40%3Cissues.zookeeper.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rcd163e421273e8dca1c71ea298dce3dd11b41d51c3a812e0394e6a5d%40%3Ccommits.pulsar.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/r5c701840aa2845191721e39821445e1e8c59711e71942b7796a6ec29%40%3Cusers.activemq.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/ra0fc2b4553dd7aaf75febb61052b7f1243ac3a180a71c01f29093013%40%3Cjira.kafka.apache.org%3E"},{"type":"WEB","url":"https://lists.apache.org/thread.html/rb592033a2462548d061a83ac9449c5ff66098751748fcd1e2d008233%40%3Cissues.zookeeper.apache.org%3E"},{"type":"ADVISORY","url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"type":"ADVISORY","url":"https://www.debian.org/security/2021/dsa-4885"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2021/02/msg00016.html"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220210-0011/"},{"type":"FIX","url":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuApr2021.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuoct2021.html"},{"type":"EVIDENCE","url":"https://github.com/netty/netty/security/advisories/GHSA-5mcr-gq6c-3hq2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/netty/netty","events":[{"introduced":"0"},{"fixed":"97d044812dc84288ea2c44c0862c5b1c26cb5b2d"},{"fixed":"c735357bf29d07856ad171c6611a2e1a0e0000ec"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1.59"}]}},{"type":"GIT","repo":"https://github.com/quarkusio/quarkus","events":[{"introduced":"0"},{"last_affected":"7bdb007f650a604f589eb44264b4df4800f697c0"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.13.7"}]}}],"versions":["1.13.7.Final","netty-4.0.0.Alpha1","netty-4.0.0.Alpha2","netty-4.0.0.Alpha3","netty-4.0.0.Alpha4","netty-4.0.0.Alpha5","netty-4.0.0.Alpha6","netty-4.0.0.Alpha7","netty-4.0.0.Alpha8","netty-4.0.0.Beta1","netty-4.0.0.Beta2","netty-4.0.0.Beta3","netty-4.0.0.CR1","netty-4.0.0.CR2","netty-4.0.0.CR3","netty-4.0.0.CR4","netty-4.0.0.CR5","netty-4.0.0.CR7","netty-4.0.0.CR8","netty-4.0.0.CR9","netty-4.0.0.Final","netty-4.0.1.Final","netty-4.0.10.Final","netty-4.0.11.Final","netty-4.0.12.Final","netty-4.0.13.Final","netty-4.0.14.Beta1","netty-4.0.14.Final","netty-4.0.15.Final","netty-4.0.2.Final","netty-4.0.3.Final","netty-4.0.4.Final","netty-4.0.5.Final","netty-4.0.6.Final","netty-4.0.7.Final","netty-4.0.8.Final","netty-4.1.0.Beta1","netty-4.1.0.Beta2","netty-4.1.0.Beta3","netty-4.1.0.Beta4","netty-4.1.0.Beta5","netty-4.1.0.Beta6","netty-4.1.0.Beta7","netty-4.1.0.Beta8","netty-4.1.0.CR1","netty-4.1.0.CR2","netty-4.1.0.CR3","netty-4.1.0.CR4","netty-4.1.0.CR5","netty-4.1.0.CR6","netty-4.1.0.CR7","netty-4.1.0.Final","netty-4.1.1.Final","netty-4.1.10.Final","netty-4.1.11.Final","netty-4.1.12.Final","netty-4.1.13.Final","netty-4.1.14.Final","netty-4.1.15.Final","netty-4.1.16.Final","netty-4.1.17.Final","netty-4.1.18.Final","netty-4.1.19.Final","netty-4.1.2.Final","netty-4.1.20.Final","netty-4.1.21.Final","netty-4.1.22.Final","netty-4.1.23.Final","netty-4.1.24.Final","netty-4.1.25.Final","netty-4.1.26.Final","netty-4.1.27.Final","netty-4.1.28.Final","netty-4.1.29.Final","netty-4.1.3.Final","netty-4.1.30.Final","netty-4.1.31.Final","netty-4.1.32.Final","netty-4.1.33.Final","netty-4.1.34.Final","netty-4.1.35.Final","netty-4.1.36.Final","netty-4.1.37.Final","netty-4.1.38.Final","netty-4.1.39.Final","netty-4.1.4.Final","netty-4.1.40.Final","netty-4.1.41.Final","netty-4.1.42.Final","netty-4.1.43.Final","netty-4.1.44.Final","netty-4.1.45.Final","netty-4.1.46.Final","netty-4.1.47.Final","netty-4.1.48.Final","netty-4.1.49.Final","netty-4.1.5.Final","netty-4.1.50.Final","netty-4.1.51.Final","netty-4.1.52.Final","netty-4.1.53.Final","netty-4.1.54.Final","netty-4.1.55.Final","netty-4.1.56.Final","netty-4.1.57.Final","netty-4.1.58.Final","netty-4.1.6.Final","netty-4.1.7.Final","netty-4.1.8.Final","netty-4.1.9.Final"],"database_specific":{"vanir_signatures_modified":"2026-04-11T23:33:54Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-21290.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.2.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.3.0"}]},{"events":[{"introduced":"0"},{"last_affected":"14.5.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0.0.3"}]},{"events":[{"introduced":"0"},{"last_affected":"7.4.2"}]},{"events":[{"introduced":"0"},{"last_affected":"8.1"}]},{"events":[{"introduced":"0"},{"fixed":"20.3"}]}],"vanir_signatures":[{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Function","deprecated":false,"target":{"function":"newSelfSignedCertificate","file":"handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java"},"digest":{"length":1454,"function_hash":"295684598244045391254762332110431192664"},"signature_version":"v1","id":"CVE-2021-21290-077432d3"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Function","deprecated":false,"target":{"function":"testReadBytesAndWriteBytesWithFileChannel","file":"buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"},"digest":{"length":1099,"function_hash":"133390690123085264421336353560996163115"},"signature_version":"v1","id":"CVE-2021-21290-187806c1"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"length":941,"function_hash":"317392731320759192325511046050366822622"},"deprecated":false,"target":{"function":"setSetContentFromFileExceptionally","file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/DiskFileUploadTest.java"},"signature_version":"v1","signature_type":"Function","id":"CVE-2021-21290-1a89cd0a"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"threshold":0.9,"line_hashes":["221366973025584276803400832204086000598","99205271989055815503500607188638397454","88602825141298783259763333960972401992","58683490782590862425257136216794392034","16240528039910742221039230118775744764","218815817825479445165122700601169241500","337957483584014053579398160533358138564","49908823716288788665607125509191653009"]},"deprecated":false,"target":{"file":"transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2021-21290-27b902c9"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"length":1119,"function_hash":"339408516633200945072977096187008892394"},"deprecated":false,"target":{"function":"testGetBytesAndSetBytesWithFileChannel","file":"buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"},"signature_version":"v1","signature_type":"Function","id":"CVE-2021-21290-2d9820ca"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","deprecated":false,"signature_version":"v1","target":{"file":"common/src/main/java/io/netty/util/internal/PlatformDependent.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["269459795219174633564484238367942118267","167064665948132415659291216789706631302","74492544580087965690158599657703726013","204747621888568207166148439937244610246","20095078472078117724754541697559969336","155582360956253851897827105106038441361","218397100515757112374270675527890296482"]},"id":"CVE-2021-21290-34104b21"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/DiskFileUploadTest.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["280209445171040317299829907558652670367","313267540279685891680314459415827989033","231712097763556443873453183266658438141","66113100530583193283599591554261082203"]},"id":"CVE-2021-21290-36be63a5"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"function":"spliceToFile","file":"transport-native-epoll/src/test/java/io/netty/channel/epoll/EpollSpliceTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":1593,"function_hash":"20752352863578756335518417066903696304"},"id":"CVE-2021-21290-46c58d27"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"length":213,"function_hash":"77974683723598503167923879994683169736"},"deprecated":false,"target":{"function":"newFile","file":"transport/src/test/java/io/netty/channel/DefaultFileRegionTest.java"},"signature_version":"v1","signature_type":"Function","id":"CVE-2021-21290-63ffb191"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"threshold":0.9,"line_hashes":["273066779607041687924655959835423780555","143625064857469632595444750143443005767","305108930999052643837974718018704035009","118591198241955966064211567196413065503"]},"deprecated":false,"target":{"file":"common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2021-21290-6426120f"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Line","deprecated":false,"target":{"file":"testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"},"digest":{"threshold":0.9,"line_hashes":["75772215508019517270235628957438966889","142572101557014317136765141228994702983","23353278574766479736644108101764329623","283374030353294187812883443621319012800","231650875228290476209551628697021255191","149336387926437814357623816965540025176","327181023570581108520888782545216589705","105770916067198228512047387694437867578"]},"signature_version":"v1","id":"CVE-2021-21290-64900bda"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"function":"testFileRegionCountLargerThenFile","file":"testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":864,"function_hash":"250375674370950188099888603953203136234"},"id":"CVE-2021-21290-68a1d0a1"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"buffer/src/test/java/io/netty/buffer/AbstractByteBufTest.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["74569062187796223899485979063125234537","26582672315655099853088358041451045283","31271734137625329791322397087397769963","298611047676455948116168060715078638677","148325554537981696872251782976356783178","256498375948381386043494933468041620526","283646181990085704394233497985536862478","298611047676455948116168060715078638677"]},"id":"CVE-2021-21290-71b6314f"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"handler/src/test/java/io/netty/handler/stream/ChunkedWriteHandlerTest.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["252991143558514121005935545319267746296","101404408938846687366810754936779896196","236109391468231026271536366304466961019","2657712984660219999544162481638510750","44982175153299047301817761031778951053","122833983693213591435498462213732094923","284065453517556888980291185384472319560","25948760528623399977695556379917529005"]},"id":"CVE-2021-21290-732f9826"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"function":"testGetChunk","file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpDataTest.java"},"signature_type":"Function","digest":{"length":827,"function_hash":"246849731985799076138723663705634028248"},"id":"CVE-2021-21290-7b12a92b"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"length":2477,"function_hash":"161024544670115321515883939794401273958"},"deprecated":false,"target":{"function":"load","file":"common/src/main/java/io/netty/util/internal/NativeLibraryLoader.java"},"signature_version":"v1","signature_type":"Function","id":"CVE-2021-21290-7b3a29bf"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"file":"transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["14899090742751240400262947320233118238","142746964522976098152758555838848904521","177377157224302066983641973066517727445","234915269546471457105686939726465171629","167142576291982566639816061111896886219","172932842993738265079470346669759910430","184397237865659816941013081346419683226"]},"id":"CVE-2021-21290-854c9fce"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["268885886391243981831444787227361221938","133980524984887425264703176300597070242","300673572801592270859024070327468245081","304251940734849884547876734095332473059"]},"id":"CVE-2021-21290-9b7af5ee"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"function":"testSetContentFromFile","file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":673,"function_hash":"177627463989417368959680388028868942891"},"id":"CVE-2021-21290-9c83fe5d"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"function":"tempFile","file":"codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java"},"signature_type":"Function","digest":{"length":423,"function_hash":"15502376741811687921632289189073556485"},"id":"CVE-2021-21290-a38b8532"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Line","deprecated":false,"target":{"file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpDataTest.java"},"digest":{"threshold":0.9,"line_hashes":["62985725149667727747964419647585038853","294311599676038881078269297537265362603","31559479192819924435465180336573327185","335065732922691617921381276840890378417"]},"signature_version":"v1","id":"CVE-2021-21290-aa73e5fd"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"file":"codec-http/src/test/java/io/netty/handler/codec/http/HttpChunkedInputTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["185210336263519967546090304702895498511","90374264491802833744898462321325505380","177676116226220609407249462676138492486","226493937101611337813351648277487647673","44982175153299047301817761031778951053","122833983693213591435498462213732094923","284065453517556888980291185384472319560","25948760528623399977695556379917529005"]},"id":"CVE-2021-21290-aeb49dd1"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"codec-http/src/main/java/io/netty/handler/codec/http/multipart/AbstractDiskHttpData.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["46255748621991509751224389293356501573","153840593863356436674952952747292980707","92094541933597550855359695117949420525","171600452635882931683029555733064458913","14309124654035316106867388473821102333","303560818103671179211314644948416860948","238490929957309547654940634517830440870","137564737632815557126727203091346824325","125097685693659360498638533568579560213","115082714905007365612171383663573507239"]},"id":"CVE-2021-21290-b191955c"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"function":"testRenameTo","file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":816,"function_hash":"138432552387786739329793433652346567744"},"id":"CVE-2021-21290-bc88d36e"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","target":{"function":"beforeClass","file":"handler/src/test/java/io/netty/handler/traffic/FileRegionThrottleTest.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":506,"function_hash":"225945559974801316469763203855258510785"},"id":"CVE-2021-21290-c6505721"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"function":"testWrapMemoryMapped","file":"buffer/src/test/java/io/netty/buffer/ReadOnlyDirectByteBufferBufTest.java"},"signature_type":"Function","digest":{"length":895,"function_hash":"165312999243004585005363029781348157707"},"id":"CVE-2021-21290-c83f7f2a"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"threshold":0.9,"line_hashes":["21185224205250863049137516840967148341","122106550924688096087327000397688726553","146766429746316096140664071572530333697","283374030353294187812883443621319012800"]},"deprecated":false,"target":{"file":"transport/src/test/java/io/netty/channel/DefaultFileRegionTest.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2021-21290-cea768bf"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Function","deprecated":false,"target":{"function":"testFileRegion0","file":"testsuite/src/main/java/io/netty/testsuite/transport/socket/SocketFileRegionTest.java"},"digest":{"length":2762,"function_hash":"289856055505396381353084554327392944141"},"signature_version":"v1","id":"CVE-2021-21290-cff01b53"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"threshold":0.9,"line_hashes":["191826684986620949446025733533152375134","132332118309381943872349701066672543822","297318031953878039265137777538167630352","213283888880769122829357242831781279234","188584693476633918249008217742135781052","103105849306680560436778935752193727287","229255527581203437930700022414372731223","300013309348704687579051427596703637527","120785853950431100409294329691144136923","142791160176691007916146744256913974539","202139655453783045308412754900298281989","90430648870466310586453335670671465632","105915229316210602047482481653596289631","67593662739416772608565511630403727899","25611685165630669706802591964042371056","235242649862161775663509560142015851258"]},"deprecated":false,"target":{"file":"handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2021-21290-d2c4bf7f"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_version":"v1","deprecated":false,"target":{"file":"codec-http/src/test/java/io/netty/handler/codec/http/multipart/AbstractMemoryHttpDataTest.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["216108586046636497504743219409460314480","294311599676038881078269297537265362603","31559479192819924435465180336573327185","335065732922691617921381276840890378417","165218274741257001951976388995175750500","294311599676038881078269297537265362603","223252058065772507785604747959510790466","227067432686324644082691196276091339266"]},"id":"CVE-2021-21290-d58b8581"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","digest":{"threshold":0.9,"line_hashes":["213071548672507060252027898348047309520","137862258711070624767573842603716787966","307137884368767751922542967138107027705","175781335838155413178614448230459348520","208302254308879896800134712328596899709","264337158096178366760555043909457978078","142702375422995247752769303898643558662","15525868939370147550757668641082336672"]},"deprecated":false,"target":{"file":"handler/src/test/java/io/netty/handler/traffic/FileRegionThrottleTest.java"},"signature_version":"v1","signature_type":"Line","id":"CVE-2021-21290-d7f19254"},{"source":"https://github.com/netty/netty/commit/c735357bf29d07856ad171c6611a2e1a0e0000ec","signature_type":"Function","deprecated":false,"target":{"function":"newSocketAddress","file":"transport-native-unix-common-tests/src/main/java/io/netty/channel/unix/tests/UnixTestUtils.java"},"digest":{"length":309,"function_hash":"317870465466781611295968114635425646062"},"signature_version":"v1","id":"CVE-2021-21290-f36ef78d"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}