[
https://issues.apache.org/jira/browse/CASSANDRA-18808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760849#comment-17760849
]
Brandon Williams commented on CASSANDRA-18808:
----------------------------------------------
A CVE has been created but there is no information yet:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-4586
On CASSANDRA-18812 Stefan found
https://ossindex.sonatype.org/vulnerability/CVE-2023-4586 which looks correct
but I'd rather wait for mitre or nist to publish something.
> netty-handler vulnerability: CVE-2023-4586
> ------------------------------------------
>
> Key: CASSANDRA-18808
> URL: https://issues.apache.org/jira/browse/CASSANDRA-18808
> Project: Cassandra
> Issue Type: Bug
> Components: Consistency/Coordination
> Reporter: Brandon Williams
> Assignee: Brandon Williams
> Priority: Normal
> Fix For: 5.0.x, 5.x
>
>
> This is failing OWASP:
> {noformat}
> Dependency-Check Failure:
> One or more dependencies were identified with vulnerabilities that have a
> CVSS score greater than or equal to '1.0':
> netty-handler-4.1.96.Final.jar: CVE-2023-4586
> {noformat}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
