[ https://issues.apache.org/jira/browse/CASSANDRA-18808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17760407#comment-17760407 ]
Brandon Williams commented on CASSANDRA-18808: ---------------------------------------------- I'm not able to find anything on this CVE, but experience here has shown we should probably just wait a few days and check again. > netty-handler vulnerability: CVE-2023-4586 > ------------------------------------------ > > Key: CASSANDRA-18808 > URL: https://issues.apache.org/jira/browse/CASSANDRA-18808 > Project: Cassandra > Issue Type: Bug > Components: Consistency/Coordination > Reporter: Brandon Williams > Assignee: Brandon Williams > Priority: Normal > Fix For: 5.x > > > This is failing OWASP: > {noformat} > Dependency-Check Failure: > One or more dependencies were identified with vulnerabilities that have a > CVSS score greater than or equal to '1.0': > netty-handler-4.1.96.Final.jar: CVE-2023-4586 > {noformat} -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org