Disha Talreja created ATLAS-4806:
------------------------------------
Summary: Upgrade netty to 4.1.100.Final due to CVE-2023-44487
Key: ATLAS-4806
URL: https://issues.apache.org/jira/browse/ATLAS-4806
Project: Atlas
Issue Type: Task
Components: atlas-core
Reporter: Disha Talreja
Assignee: Disha Talreja
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption)
because request cancellation can reset many streams quickly, as exploited in
the wild in August through October 2023.
*Base Score:* [7.5
HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST]
There is a known exploit for this vulnerability, so we need to prioritise this
despite it being a High severity CVE and not a critical.
[https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p]
h4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
