[ZOOKEEPER-4762] Update netty jars to 4.1.99+ to fix CVE-2023-4586 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Critical
Resolution: Fixed
Affects Version/s: 3.8.3
Fix Version/s: 3.8.4
Component/s: None
Labels:
None

Description

https://nvd.nist.gov/vuln/detail/CVE-2023-4586
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Dhoka Pramod

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 16/Oct/23 06:34

Updated:: 20/Mar/24 19:06

Resolved:: 20/Mar/24 19:06