twitter / finagle

A fault tolerant, protocol-agnostic RPC system
https://twitter.github.io/finagle
Apache License 2.0
8.78k stars 1.45k forks

Update the Netty to latest version greater than 4.1.78.Final to remove the vulnerability CVE-2022-24823 #934

Closed lokeshmittal10 closed 2 years ago

lokeshmittal10 commented 2 years ago

Describe the bug: Currently the Finagle library has Netty version 4.1.73.Final, which is vulnerable to CVE-2022-24823. To remove this, the Netty version should be >= 4.1.78.Final, so the Finagle library should be updated to a Netty version >= 4.1.78.Final.

Steps to reproduce the behavior:

Scan the docker image with twistcli (https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/tools/twistcli_scan_images)

In the scan report the above CVE-2022-24823 vulnerability will be seen. For reference, attaching the screenshot.

Expected behavior: In the scan report CVE-2022-24823 should not be there.

Screenshots

Screenshot 2022-07-29 at 8 17 06 PM

Environment: All

Additional context: Add any other context about the problem here.
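An added example, not code from Finagle or from this thread, that turns the threshold stated in the report into a build-time gate: it parses a resolved dependency list in the `group:artifact:packaging:version:scope` shape printed by `mvn dependency:list` (format assumed) and flags every `io.netty` artifact below 4.1.78.Final. The sample dependency lines are constructed, not real scanner output.

```python
import re
from typing import Iterable

# Minimum Netty version the issue states is needed to clear CVE-2022-24823.
MIN_FIXED_NETTY = "4.1.78.Final"

# Maven-style coordinate line (assumed format): group:artifact:packaging:version:scope
_COORD_RE = re.compile(
    r"^(?P<group>[^:]+):(?P<artifact>[^:]+):[^:]+:(?P<version>[^:]+):[^:]+$"
)


def parse_version(version: str) -> tuple:
    """Turn '4.1.73.Final' into a comparable key: (numeric parts, qualifier rank).

    Netty publishes GA releases as X.Y.Z.Final; a bare X.Y.Z is treated the same.
    Any other qualifier (Alpha, Beta, CR, ...) is a pre-release and ranks lower
    than Final within the same numeric version.
    """
    nums = []
    qualifier = ""
    for part in version.split("."):
        if part.isdigit():
            nums.append(int(part))
        else:
            qualifier = part
            break
    qualifier_rank = 1 if qualifier in ("", "Final") else 0
    return (tuple(nums), qualifier_rank)


def is_vulnerable_netty(version: str) -> bool:
    """True when the Netty version is below the minimum the issue calls for."""
    return parse_version(version) < parse_version(MIN_FIXED_NETTY)


def flag_netty_artifacts(dependency_lines: Iterable[str]) -> list:
    """Return (artifact, version) for each io.netty artifact below MIN_FIXED_NETTY.

    netty-tcnative artifacts are skipped: they carry their own 2.0.x version line
    and would otherwise be false positives against a 4.1.x threshold.
    """
    flagged = []
    for line in dependency_lines:
        m = _COORD_RE.match(line.strip())
        if not m or m.group("group") != "io.netty":
            continue
        if m.group("artifact").startswith("netty-tcnative"):
            continue
        if is_vulnerable_netty(m.group("version")):
            flagged.append((m.group("artifact"), m.group("version")))
    return flagged


# Constructed sample of a resolved dependency list (not real build output).
SAMPLE_DEPENDENCIES = [
    "com.twitter:finagle-core_2.13:jar:22.4.0:compile",
    "io.netty:netty-handler:jar:4.1.73.Final:compile",
    "io.netty:netty-codec-http2:jar:4.1.73.Final:compile",
    "io.netty:netty-tcnative-boringssl-static:jar:2.0.52.Final:compile",
]
```

Run `flag_netty_artifacts` over the real `mvn dependency:list` (or equivalent sbt) output in CI and fail the build when the list is non-empty; the image scan then becomes a confirmation rather than the first place the finding shows up.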

joybestourous commented 2 years ago

Hey! Finagle 22.7.0 was released last week, and it includes a bump to 4.1.78.