CVE-2025-58057: Netty's decoders vulnerable to DoS via zip bomb style attack
With specially crafted input, BrotliDecoder and some other decompressing decoders will allocate a large number of reachable byte buffers, which can lead to denial of service.