Xavier Fernandis created HBASE-30263:
----------------------------------------
Summary: Exclude transitive netty-resolver-dns to mitigate CVEs
Key: HBASE-30263
URL: https://issues.apache.org/jira/browse/HBASE-30263
Project: HBase
Issue Type: Task
Reporter: Xavier Fernandis
Assignee: Xavier Fernandis
||CVE||Severity|*Description*|
|*CVE-2026-45673*|High|DNS Cache Poisoning due to predictable PRNG and default
static source port (Kaminsky attack)|
|*CVE-2026-45674*|High|DNS Cache Poisoning via unvalidated CNAME record origin
in {{DnsResolveContext}}|
|*CVE-2026-47691*|High|DNS Cache Poisoning via flawed bailiwick validation for
NS records|
{{}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
