CVE-2024-47535 (Medium) detected in netty-common-4.1.67.Final.jar, netty-common-4.1.76.Final.jar #418
Labels
Mend: dependency security vulnerability
Security vulnerability detected by WhiteSource
CVE-2024-47535 - Medium Severity Vulnerability
Vulnerable Libraries - netty-common-4.1.67.Final.jar, netty-common-4.1.76.Final.jar
netty-common-4.1.67.Final.jar
Library home page: https://netty.io/
Path to dependency file: /swagger-client/micronaut/pom.xml
Path to vulnerable library: /swagger-client/micronaut/pom.xml
Dependency Hierarchy:
netty-common-4.1.76.Final.jar
Library home page: https://netty.io/
Path to dependency file: /openapi-client/java-micronaut-client/pom.xml
Path to vulnerable library: /openapi-client/java-micronaut-client/pom.xml
Dependency Hierarchy:
Found in HEAD commit: 0879348474e22463e77dc76ba5e5f7e6300a2b6c
Found in base branch: master
Vulnerability Details
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.
Publish Date: 2024-11-12
URL: CVE-2024-47535
CVSS 3 Score Details (5.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: GHSA-xq3w-v528-46rv
Release Date: 2024-11-12
Fix Resolution: io.netty:netty-common:4.1.115.Final
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: