[CASSANDRA-17633] netty vulnerable to CVE-2022-24823 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Normal
Resolution: Fixed
Fix Version/s: 3.0.28, 3.11.14, 4.0.5, 4.1-alpha1, 4.1-beta1, 4.1
Component/s: Dependencies
Labels:
None

Bug Category:
Security
Severity:
Normal
Complexity:
Normal
Discovered By:
User Report
Platform:

All
Impacts:

None
Since Version:

NA
Source Control Link:

https://github.com/apache/cassandra/commit/a482e374356fa401829e5e562460087b1d79927a
Test and Documentation Plan:

Hide

run CI

Show
run CI

Description

Dependency-Check Failure:
One or more dependencies were identified with vulnerabilities that have a CVSS score greater than or equal to '1.0': 
netty-all-4.0.44.Final.jar: CVE-2022-24823
See the dependency-check report for more details.

We already have suppressions for 4.0.44 and I suspect this will be another but should be investigated.

Attachments

Activity

People

Assignee:: Brandon Williams

Reporter:: Brandon Williams

Authors:: Brandon Williams

Reviewers:: Ekaterina Dimitrova

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 17/May/22 10:35

Updated:: 05/Oct/22 22:22

Resolved:: 18/May/22 15:15