[jira] [Created] (HDDS-9514) Upgrade netty to 4.1.100.Final

Rohit Kumar (Jira) Fri, 20 Oct 2023 03:31:10 -0700

Rohit Kumar created HDDS-9514:
---------------------------------

             Summary: Upgrade netty to 4.1.100.Final
                 Key: HDDS-9514
                 URL: https://issues.apache.org/jira/browse/HDDS-9514
             Project: Apache Ozone
          Issue Type: Task
            Reporter: Rohit Kumar
            Assignee: Rohit Kumar



Upgrade netty to 4.1.100.Final due to CVE-2023-44487

CVE-2023-44487

The HTTP/2 protocol allows a denial of service (server resource consumption) 
because request cancellation can reset many streams quickly, as exploited in 
the wild in August through October 2023.

*Base Score:* [7.5 
HIGH|https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?name=CVE-2023-44487&vector=AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H&version=3.1&source=NIST]

There is a known exploit for this vulnerability, so we need to prioritise this 
despite it being a High severity CVE and not a critical.

[https://github.com/netty/netty/security/advisories/GHSA-xpw8-rcwv-8f8p] 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Created] (HDDS-9514) Upgrade netty to 4.1.100.Final

Reply via email to