[ATLAS-4806] Upgrade netty to 4.1.100.Final due to CVE-2023-44487 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0, 2.4.0
Component/s: atlas-core
Labels:
None

Description

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Base Score: 7.5 HIGH

There is a known exploit for this vulnerability, so we need to prioritise this despite it being a High severity CVE and not a critical.

https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ATLAS-4806.patch
30/Oct/23 23:19
0.9 kB
Disha Talreja

Activity

People

Assignee:: Disha Talreja

Reporter:: Disha Talreja

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 30/Oct/23 19:45

Updated:: 08/Feb/24 18:34

Resolved:: 08/Feb/24 18:34