[
https://issues.apache.org/jira/browse/ATLAS-4806?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17815782#comment-17815782
]
ASF subversion and git services commented on ATLAS-4806:
--------------------------------------------------------
Commit f9df3293d74e10894ab4730ad2b8ccc593d8bc04 in atlas's branch
refs/heads/master from Disha Talreja
[ https://gitbox.apache.org/repos/asf?p=atlas.git;h=f9df3293d ]
ATLAS-4806: Upgrade netty to 4.1.100.Final due to CVE-2023-44487
Signed-off-by: radhikakundam <[email protected]>
> Upgrade netty to 4.1.100.Final due to CVE-2023-44487
> ----------------------------------------------------
>
> Key: ATLAS-4806
> URL: https://issues.apache.org/jira/browse/ATLAS-4806
> Project: Atlas
> Issue Type: Task
> Components: atlas-core
> Reporter: Disha Talreja
> Assignee: Disha Talreja
> Priority: Major
> Attachments: ATLAS-4806.patch
>
>
> CVE-2023-44487
> The HTTP/2 protocol allows a denial of service (server resource consumption)
> because request cancellation can reset many streams quickly, as exploited in
> the wild in August through October 2023.
> *Base Score:* [7.5
> HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST]
> There is a known exploit for this vulnerability, so we need to prioritise
> this despite it being a High severity CVE and not a critical.
> [https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p]
> h4.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
