IBMStreams / streamsx.hbase

Integration of IBM Streams and Apache HBase
http://ibmstreams.github.io/streamsx.hbase/

Vulnerability found in io.netty:netty-all #118

Closed schubon closed 4 years ago

schubon commented 5 years ago

Details

CVE-2019-16869

Vulnerable versions: < 4.1.42
Patched version: 4.1.42

Netty before 4.1.42.Final mishandles whitespace before the colon in HTTP headers (such as a "Transfer-Encoding : chunked" line), which leads to HTTP request smuggling.

Remediation

Upgrade io.netty:netty-all to version 4.1.42 or later. For example:

<dependency>
  <groupId>io.netty</groupId>
  <artifactId>netty-all</artifactId>
  <version>[4.1.42,)</version>
</dependency>

Always verify the validity and compatibility of suggestions with your codebase.
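The parsing disagreement behind CVE-2019-16869, as an added example that is not part of the issue and not Netty's code: `parse_strict` applies the RFC 7230 rule that a header line with whitespace before the colon must be rejected, while `parse_lenient` and `parse_literal` are hypothetical stand-ins for two hops that read the same line differently. The sample header block is constructed.

```python
import re

# RFC 7230 "token": the only characters allowed in a header field name.
_TOKEN = re.compile(rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")

class BadHeader(ValueError):
    """Header line that should be answered with 400 Bad Request."""

def parse_strict(line: bytes) -> tuple[str, str]:
    """Split 'name: value'; reject anything but a bare token before the colon."""
    name, sep, value = line.partition(b":")
    if not sep:
        raise BadHeader("no colon in header line")
    if not _TOKEN.fullmatch(name):
        # Catches 'Transfer-Encoding : chunked' (space or tab before the colon).
        raise BadHeader(f"invalid field name {name!r}")
    return name.decode("ascii").lower(), value.strip(b" \t").decode("latin-1")

def parse_lenient(line: bytes) -> tuple[str, str]:
    """Hypothetical tolerant hop: trims whitespace around the field name."""
    name, _, value = line.partition(b":")
    return name.strip().decode("latin-1").lower(), value.strip().decode("latin-1")

def parse_literal(line: bytes) -> tuple[str, str]:
    """Hypothetical hop that keeps the field name bytes exactly as received."""
    name, _, value = line.partition(b":")
    return name.decode("latin-1").lower(), value.strip().decode("latin-1")

def framing(headers: dict[str, str]) -> str:
    """Which header a hop would use to find the end of the message body."""
    if "chunked" in headers.get("transfer-encoding", ""):
        return "chunked"
    if "content-length" in headers:
        return "content-length"
    return "none"

# Constructed sample header block (not captured traffic).
SAMPLE = [b"Host: example.test", b"Content-Length: 5", b"Transfer-Encoding : chunked"]

def compare(lines: list[bytes]) -> tuple[str, str]:
    """Framing chosen by the lenient hop and by the literal hop."""
    return (framing(dict(map(parse_lenient, lines))),
            framing(dict(map(parse_literal, lines))))
```

When the two hops disagree on framing, they disagree on where one request ends and the next begins; rejecting the line outright, as `parse_strict` does, removes the ambiguity.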

anouri commented 5 years ago

The pom.xml of streamsx.hbase has been adapted. The jar library netty-all-4.0.52.Final.jar has been upgraded to netty-all-4.1.42.Final.jar.

anouri commented 4 years ago

Correction delivered in streamsx.hbase version 3.8.1 https://github.com/IBMStreams/streamsx.hbase/releases/tag/v3.8.1

schubon commented 4 years ago

As there is an appropriate release ... => closed