[ https://issues.apache.org/jira/browse/TEZ-4599?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ayush Saxena resolved TEZ-4599.
-------------------------------
    Fix Version/s: 0.10.5
       Resolution: Fixed

> Bump netty to 4.1.116 due to CVE
> --------------------------------
>
>                 Key: TEZ-4599
>                 URL: https://issues.apache.org/jira/browse/TEZ-4599
>             Project: Apache Tez
>          Issue Type: Improvement
>            Reporter: Basapuram Kumar
>            Assignee: Basapuram Kumar
>            Priority: Major
>             Fix For: 0.10.5
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Bump netty to 4.1.116 due to CVE-2024-47535.
> CVE-2024-47535 reference
> [https://nvd.nist.gov/vuln/detail/CVE-2024-47535]
>
> Description of the CVE
> {code:java}
> Netty is an asynchronous event-driven network application framework for rapid
> development of maintainable high performance protocol servers & clients. An
> unsafe reading of environment file could potentially cause a denial of
> service in Netty. When loaded on an Windows application, Netty attempts to
> load a file that does not exist. If an attacker creates such a large file,
> the Netty application crashes. This vulnerability is fixed in 4.1.115. {code}
> As per the above CVE, it's fixed in netty-all>=4.1.115 versions.
> So Suggested to

--
This message was sent by Atlassian Jira
(v8.20.10#820010)