search

MidnightBSD / security-advisory

A rest api to pull NVD security advisory data and formulate it for mport consumption
BSD 2-Clause "Simplified" License
1 stars 2 forks source link

CVE-2023-4586 (High) detected in netty-handler-4.1.100.Final.jar - autoclosed #181

Closed mend-bolt-for-github[bot] closed 10 months ago

mend-bolt-for-github[bot] commented 11 months ago

CVE-2023-4586 - High Severity Vulnerability

Vulnerable Library - netty-handler-4.1.100.Final.jar

Library home page: https://netty.io/

Path to dependency file: /pom.xml

Path to vulnerable library: /home/wss-scanner/.m2/repository/io/netty/netty-handler/4.1.100.Final/netty-handler-4.1.100.Final.jar

Dependency Hierarchy: - spring-boot-starter-data-redis-2.7.17.jar (Root Library) - lettuce-core-6.1.10.RELEASE.jar - :x: **netty-handler-4.1.100.Final.jar** (Vulnerable Library)

Found in HEAD commit: 270465e4bf74e87253e9245ca2e1fc7ed83b0cbb

Found in base branch: master

Vulnerability Details

After conducting further research, Mend has determined that versions 4.1.x before stable releases of 5.x of io.netty:netty-handler are vulnerable to CVE-2023-4586.

Publish Date: 2023-10-04

URL: CVE-2023-4586

CVSS 3 Score Details (7.4)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: High - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2023-4586

Release Date: 2023-10-04

Fix Resolution: io.netty:netty-handler - 5.0.0.Alpha1

Step up your Open Source Security Game with Mend here

mend-bolt-for-github[bot] commented 10 months ago

:heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.