diff --git a/build.gradle b/build.gradle
index 8edee32..dd6e383 100644
--- a/build.gradle
+++ b/build.gradle
@@ -35,6 +35,13 @@ subprojects {
                 useVersion('11.0.21')
                 because('GHSA-rv64-5gf8-9qq8 / GHSA-x4m4-345f-5h5g / GHSA-24j9-x2wg-9qv6: Apache Tomcat < 11.0.21 vulnerabilities')
             }
+            if (requested.group == 'io.netty' && requested.version != null) {
+                def nettyVersion = requested.version =~ /^4\.2\.(\d+)\./
+                if (nettyVersion && nettyVersion[0][1].toInteger() < 13) {
+                    useVersion('4.2.13.Final')
+                    because('GHSA-rwm7-x88c-3g2p: Netty epoll transport denial of service via RST on half-closed TCP connection')
+                }
+            }
         }
     }
 
diff --git a/examples/example-spring-boot-starter-webflux/build.gradle b/examples/example-spring-boot-starter-webflux/build.gradle
index 11643fb..e55e15a 100644
--- a/examples/example-spring-boot-starter-webflux/build.gradle
+++ b/examples/example-spring-boot-starter-webflux/build.gradle
@@ -6,6 +6,7 @@ plugins {
 }
 
 ext['jackson-bom.version'] = '3.1.1'
+ext['netty.version'] = '4.2.13.Final'
 
 dependencies {
     implementation project(':examples:examples-common')