[jira] [Comment Edited] (CASSANDRA-18812) Investigate and fix CVE-2023-4586
[ https://issues.apache.org/jira/browse/CASSANDRA-18812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17760806#comment-17760806 ] Stefan Miklosovic edited comment on CASSANDRA-18812 at 8/31/23 9:11 AM: [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572196335 https://github.com/netty/netty/issues/9930#issuecomment-572201601 we are not setting hostname / port. https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/security/SSLFactory.java#L359 I have not dug deep here, I have to admit that, just posting what I see. was (Author: smiklosovic): [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572196335 we are not setting hostname / port. https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/security/SSLFactory.java#L359 I have not dug deep here, I have to admit that, just posting what I see. > Investigate and fix CVE-2023-4586 > - > > Key: CASSANDRA-18812 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18812 > Project: Cassandra > Issue Type: Improvement >Reporter: Stefan Miklosovic >Priority: Normal > Fix For: 5.x > > Attachments: dependency-check-report.html > > > CVE-2023-4586 was found by dependency checker on 5.0 / trunk for Netty 4.1.96. > > HTML report is attached. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-18812) Investigate and fix CVE-2023-4586
[ https://issues.apache.org/jira/browse/CASSANDRA-18812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17760806#comment-17760806 ] Stefan Miklosovic edited comment on CASSANDRA-18812 at 8/31/23 9:09 AM: [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572196335 we are not setting hostname / port. https://github.com/apache/cassandra/blob/trunk/src/java/org/apache/cassandra/security/SSLFactory.java#L359 I have not dug deep here, I have to admit that, just posting what I see. was (Author: smiklosovic): [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572196335 > Investigate and fix CVE-2023-4586 > - > > Key: CASSANDRA-18812 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18812 > Project: Cassandra > Issue Type: Improvement >Reporter: Stefan Miklosovic >Priority: Normal > Fix For: 5.x > > Attachments: dependency-check-report.html > > > CVE-2023-4586 was found by dependency checker on 5.0 / trunk for Netty 4.1.96. > > HTML report is attached. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org
[jira] [Comment Edited] (CASSANDRA-18812) Investigate and fix CVE-2023-4586
[ https://issues.apache.org/jira/browse/CASSANDRA-18812?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17760806#comment-17760806 ] Stefan Miklosovic edited comment on CASSANDRA-18812 at 8/31/23 9:06 AM: [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572196335 was (Author: smiklosovic): [https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven=io.netty%2Fnetty-handler_source=dependency-check_medium=integration_content=8.3.1] This is interesting: https://github.com/netty/netty/issues/9930#issuecomment-572578899 So ... probably not a big deal. > Investigate and fix CVE-2023-4586 > - > > Key: CASSANDRA-18812 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18812 > Project: Cassandra > Issue Type: Improvement >Reporter: Stefan Miklosovic >Priority: Normal > Fix For: 5.x > > Attachments: dependency-check-report.html > > > CVE-2023-4586 was found by dependency checker on 5.0 / trunk for Netty 4.1.96. > > HTML report is attached. -- This message was sent by Atlassian Jira (v8.20.10#820010) - To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org