twitter / finagle

A fault tolerant, protocol-agnostic RPC system
https://twitter.github.io/finagle
Apache License 2.0

Upgrade to netty 4.1.86.Final in Finagle #945

Closed. kumarbairesh closed this 10 months ago

kumarbairesh commented 1 year ago

Describe the bug
@tigerlily-he @mosesn Does Finagle version 22.12.0 have netty version 4.1.86.Final? Because the following CVEs are fixed in this netty version, can you help with which version of netty is present in the latest Finagle?

CVE ID: https://github.com/advisories/GHSA-fx2c-96vj-985v
CVSS score: 7.5
Description: Netty project is an event-driven asynchronous network application framework. In versions prior to 4.1.86.Final, a StackOverflowError can be raised when parsing a malformed crafted message due to an infinite recursion. This issue is patched in version 4.1.86.Final. There is no workaround, except using a custom HaProxyMessageDecoder.

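One way to answer the question this issue asks for your own build, as an added example that is not Finagle's or netty's code: scan a resolved dependency listing for io.netty coordinates that are still below the 4.1.86.Final fix version. It assumes Maven-style `group:artifact:version` coordinates on each line and sbt's `(evicted by: …)` annotation; the tree lines below are constructed, not captured from a real build.

```python
"""Flag io.netty artifacts in a dependency listing that are older than the
fix version named in the advisory (4.1.86.Final).

Assumed input format: each line carries a `group:artifact:version`
coordinate, optionally followed by `(evicted by: <version>)` as printed by
`sbt dependencyTree`. Sample lines are constructed for this example.
"""
import re
from typing import List, Tuple

FIXED_VERSION = "4.1.86.Final"
COORD_RE = re.compile(r"(io\.netty):([\w.-]+):([\w.-]+)")
EVICTED_RE = re.compile(r"\(evicted by:\s*([\w.-]+)\)")


def parse_netty_version(version: str) -> Tuple[int, ...]:
    """Turn '4.1.86.Final' into (4, 1, 86). The 'Final' qualifier carries no
    ordering information, so only the leading numeric components are kept."""
    nums = []
    for part in version.split("."):
        if not part.isdigit():
            break
        nums.append(int(part))
    if len(nums) < 3:
        raise ValueError(f"unrecognised netty version: {version!r}")
    return tuple(nums)


def is_fixed(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `version` is at or beyond the version that patched the bug."""
    return parse_netty_version(version) >= parse_netty_version(fixed)


def find_outdated_netty(tree_lines: List[str],
                        fixed: str = FIXED_VERSION) -> List[Tuple[str, str]]:
    """Return (artifact, effective_version) for every io.netty coordinate that
    resolves below `fixed`. An evicted declaration is judged by the version
    it was evicted in favour of, since that is what ends up on the classpath."""
    outdated = []
    for line in tree_lines:
        evicted = EVICTED_RE.search(line)
        for _group, artifact, declared in COORD_RE.findall(line):
            effective = evicted.group(1) if evicted else declared
            if not is_fixed(effective, fixed) and (artifact, effective) not in outdated:
                outdated.append((artifact, effective))
    return outdated


# Constructed sample: one module resolves to a pre-fix release, another is
# declared old but evicted by the fixed version.
SAMPLE_TREE = [
    "[info] com.twitter:finagle-http_2.13:22.12.0",
    "[info]   +-com.twitter:finagle-netty4_2.13:22.12.0",
    "[info]   | +-io.netty:netty-codec-http:4.1.86.Final",
    "[info]   | +-io.netty:netty-codec-haproxy:4.1.84.Final",
    "[info]   | +-io.netty:netty-handler:4.1.84.Final (evicted by: 4.1.86.Final)",
]

if __name__ == "__main__":
    for artifact, version in find_outdated_netty(SAMPLE_TREE):
        print(f"{artifact} {version} is below {FIXED_VERSION}")
```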

kumarbairesh commented 1 year ago

@tigerlily-he @mosesn Any update on this?

kumarbairesh commented 1 year ago

@tigerlily-he @mosesn An update on this?

mattdickinson5 commented 10 months ago

See https://github.com/twitter/finagle/commit/83e31f81361430a427fe9d4b636419b52d42542c