[jira] [Created] (ATLAS-4806) Upgrade netty to 4.1.100.Final due to CVE-2023-44487

Disha Talreja (Jira) Mon, 30 Oct 2023 12:46:04 -0700

Disha Talreja created ATLAS-4806:
------------------------------------

             Summary: Upgrade netty to 4.1.100.Final due to CVE-2023-44487
                 Key: ATLAS-4806
                 URL: https://issues.apache.org/jira/browse/ATLAS-4806
             Project: Atlas
          Issue Type: Task
          Components:  atlas-core
            Reporter: Disha Talreja
            Assignee: Disha Talreja



CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) 
because request cancellation can reset many streams quickly, as exploited in 
the wild in August through October 2023.
*Base Score:* [7.5 
HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST]

There is a known exploit for this vulnerability, so we need to prioritise this 
despite it being a High severity CVE and not a critical.

[https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p] 
h4.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (ATLAS-4806) Upgrade netty to 4.1.100.Final due to CVE-2023-44487

Reply via email to