  1. Jackrabbit Oak
  2. OAK-9611

Bump netty dependency from 4.1.66.Final to 4.1.68.Final


Details

    Description

      Vulnerability SP10: org.apache.jackrabbit : oak-segment-tar : 1.22.8

      Vulnerabilities

      CVE-2021-37136

      The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).

      All users of Bzip2Decoder are affected. Malicious input can trigger an OOME and so a DoS attack.

      https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
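
A dependency check for the bump this issue asks for, as an added example that is not part of the issue or of the Oak code base: it scans `mvn dependency:tree` output for `io.netty` artifacts older than 4.1.68.Final. The sample tree is constructed, and the function names are this example's own.

```python
import re

# Target of the bump named on this page: 4.1.68.Final.
FIXED = (4, 1, 68)

# Trailing Maven coordinate on a `mvn dependency:tree` line:
# group:artifact:type[:classifier]:version[:scope]
COORD = re.compile(r"([\w.\-]+(?::[\w.\-]+){3,5})\s*$")


def netty_version(text):
    """Return (major, minor, patch) from e.g. '4.1.66.Final', or None."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(x) for x in m.groups()) if m else None


def outdated_netty(tree_output):
    """List (artifact, version) for io.netty entries older than FIXED."""
    findings = []
    for line in tree_output.splitlines():
        m = COORD.search(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        if parts[0] != "io.netty":
            continue
        # Root lines have no scope (4 fields); a classifier adds a sixth field.
        version = parts[-1] if len(parts) == 4 else parts[-2]
        parsed = netty_version(version)
        # Unparseable versions are reported too, so they get a manual look.
        if parsed is None or parsed < FIXED:
            findings.append((parts[1], version))
    return findings


# Constructed sample, not real output from the Oak build.
SAMPLE_TREE = """\
[INFO] org.apache.jackrabbit:oak-segment-tar:bundle:1.22.8
[INFO] +- io.netty:netty-codec:jar:4.1.66.Final:compile
[INFO] |  \\- io.netty:netty-buffer:jar:4.1.66.Final:compile
[INFO] +- io.netty:netty-handler:jar:4.1.68.Final:compile
[INFO] \\- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.65.Final:runtime
"""

if __name__ == "__main__":
    for artifact, version in outdated_netty(SAMPLE_TREE):
        print(f"io.netty:{artifact} {version} is older than 4.1.68.Final")
```

Running the check over the full tree rather than the declared dependency alone also catches Netty modules that a transitive dependency pins to an older version.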

            People

              miroslav Miroslav Smiljanic
              arun92ram Arun Kumar Ram