[Bug 64932] New: Vulnerabilities in JMeter 5.3 against Netty

bugzilla Thu, 19 Nov 2020 01:37:27 -0800

https://bz.apache.org/bugzilla/show_bug.cgi?id=64932


            Bug ID: 64932
           Summary: Vulnerabilities in JMeter 5.3 against Netty
           Product: JMeter
           Version: 5.3
          Hardware: PC
            Status: NEW
          Severity: critical
          Priority: P2
         Component: Main
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: JMETER_5.4

Created attachment 37576
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37576&action=edit
security issues reported by CVE

Vulnerabilities are reported against Netty in neo4j-java-driver-1.7.5.jar.
Please update Netty to the latest version (or at least 4.1.46) to fix these
security issues.

Priority        File    CVE     Solution
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-buffer/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-buffer/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-buffer/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-buffer/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-codec/pom.xml   
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-codec/pom.xml   
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-codec/pom.xml   
https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-codec/pom.xml   
https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-common/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-common/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-common/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-common/pom.xml  
https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-handler/pom.xml 
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-handler/pom.xml 
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-handler/pom.xml 
https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-handler/pom.xml 
https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-resolver/pom.xml
https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-resolver/pom.xml
https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-resolver/pom.xml
https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-resolver/pom.xml
https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-transport/pom.xml
       https://nvd.nist.gov/vuln/detail/CVE-2020-11612 Upgrade to Netty 4.1.46
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-transport/pom.xml
       https://nvd.nist.gov/vuln/detail/CVE-2019-20445 Upgrade to Netty 4.1.44
Critical       
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-transport/pom.xml
       https://nvd.nist.gov/vuln/detail/CVE-2019-20444 Upgrade to Netty 4.1.44
High   
/lib/neo4j-java-driver-1.7.5.jar/META-INF/maven/io.netty/netty-transport/pom.xml
       https://nvd.nist.gov/vuln/detail/CVE-2019-16869 Upgrade to Netty 4.1.42

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 64932] New: Vulnerabilities in JMeter 5.3 against Netty

Reply via email to