Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Address netty vulnerability: CVE-2023-34462 #4599

Closed
TharmiganK opened this issue Jun 21, 2023 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#1676
Closed

Address netty vulnerability: CVE-2023-34462 #4599

TharmiganK opened this issue Jun 21, 2023 · 0 comments · Fixed by ballerina-platform/module-ballerina-http#1676
Assignees
@TharmiganK
Labels
module/grpc module/http module/tcp module/udp module/websocket Team/PCM Protocol connector packages related issues Type/Task
Milestone
2201.7.0

Comments

@TharmiganK
Copy link
Contributor

Description:

$Subject

┌─────────────────────────────────────────────────────────┬────────────────┬──────────┬───────────────────┬───────────────┬────────────────────────────────────────────┐
│                         Library                         │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                   Title                    │
├─────────────────────────────────────────────────────────┼────────────────┼──────────┼───────────────────┼───────────────┼────────────────────────────────────────────┤
│ io.netty:netty-handler (netty-handler-4.1.86.Final.jar) │ CVE-2023-34462 │ MEDIUM   │ 4.1.86.Final      │ 4.1.94.Final  │ netty-handler SniHandler 16MB allocation   │
│                                                         │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-34462 │
└─────────────────────────────────────────────────────────┴────────────────┴──────────┴───────────────────┴───────────────┴────────────────────────────────────────────┘

Describe your task(s)

Update netty and netty-tcnative versions to latest
@TharmiganK TharmiganK added Type/Task module/http Team/PCM Protocol connector packages related issues labels Jun 21, 2023
@TharmiganK TharmiganK mentioned this issue Jun 21, 2023
Merged
5 tasks
@TharmiganK TharmiganK self-assigned this Jun 22, 2023
This was referenced Jun 22, 2023
Merged
Merged
Merged
@TharmiganK TharmiganK added this to the 2201.7.0 milestone Jun 30, 2023
This was referenced Jun 30, 2023
Merged
Merged
Merged
Merged
Merged
Merged
Merged
@MohamedSabthar MohamedSabthar modified the milestones: 2201.7.0, 2201.6.1 Jul 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TharmiganK TharmiganK

Labels
module/grpc module/http module/tcp module/udp module/websocket Team/PCM Protocol connector packages related issues Type/Task
Projects
Ballerina Team Main Board
Archived in project
Milestone
2201.7.0
Development

Successfully merging a pull request may close this issue.

Update vulnerable netty version ballerina-platform/module-ballerina-http
2 participants
@MohamedSabthar @TharmiganK