Basapuram Kumar created TEZ-4599:
------------------------------------

             Summary: Bump netty to 4.1.116 due to CVE
                 Key: TEZ-4599
                 URL: https://issues.apache.org/jira/browse/TEZ-4599
             Project: Apache Tez
          Issue Type: Improvement
            Reporter: Basapuram Kumar

Bump netty to 4.1.116 due to CVE-2024-47535.

CVE-2024-47535 reference [https://nvd.nist.gov/vuln/detail/CVE-2024-47535]

Description of the CVE
{code:java}
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
{code}
As per the above CVE, it's fixed in netty-all>=4.1.115 versions. So Suggested to

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
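
One way to confirm that a build no longer resolves a Netty version below the 4.1.115 fix named in the CVE text above. This is an added example, not code from the ticket or from Apache Tez. It assumes the plain-text output of `mvn dependency:tree`; the sample lines are constructed, and limiting the check to the 4.1.x line is an assumption made here.

```python
import re

FIXED = (4, 1, 115)  # fix version stated in the CVE description above

# Constructed sample of `mvn dependency:tree` output (not from a real build).
SAMPLE_TREE = r"""
[INFO] org.example:demo:jar:1.0-SNAPSHOT
[INFO] +- io.netty:netty-all:jar:4.1.94.Final:compile
[INFO] |  +- io.netty:netty-common:jar:4.1.116.Final:compile
[INFO] +- io.netty:netty-transport-native-epoll:jar:linux-x86_64:4.1.100.Final:runtime
[INFO] \- io.netty:netty-tcnative-boringssl-static:jar:2.0.61.Final:compile
"""


def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not numeric."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(int(p) for p in m.groups()) if m else None


def vulnerable_netty(tree_output):
    """List (artifact, version) for io.netty 4.1.x artifacts below FIXED."""
    findings = []
    for line in tree_output.splitlines():
        m = re.search(r"\bio\.netty:\S+", line)
        if not m:
            continue
        # Coordinates are group:artifact:type[:classifier]:version:scope,
        # so the version is always the second-to-last field.
        parts = m.group(0).split(":")
        if len(parts) < 5:
            continue
        artifact, version = parts[1], parts[-2]
        ver = parse_version(version)
        # Assumption: only the 4.1.x line is compared. Artifacts such as
        # netty-tcnative use their own 2.0.x numbering and are skipped.
        if ver is None or ver[:2] != (4, 1):
            continue
        # Tuple comparison is numeric, so 4.1.94 sorts below 4.1.115
        # (a plain string comparison would get this wrong).
        if ver < FIXED:
            findings.append((artifact, version))
    return findings


if __name__ == "__main__":
    for artifact, version in vulnerable_netty(SAMPLE_TREE):
        print(f"io.netty:{artifact} {version} is below 4.1.115.Final")
```

Transitive dependencies can pin an older Netty even after the top-level version is bumped, which is why the check runs over the resolved tree and not the POM.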