Hello Team, We are having java based HDFS client which uses Hadoop-hdfs-3.3.3 as it's dependency. in our application. Hadoop-hdfs-3.3.3 uses netty 3.10.6.Final as deep dependency. We got the following vulnerability in netty using JFrog Xray. Description : Netty contains a flaw in the AbstractDiskHttpData.delete() function in handler/codec/http/multipart/AbstractDiskHttpData.java that is triggered as temporary file entries are added to the 'DeleteOnExitHook' object but not properly removed when processing POST requests that are 16 kB. This may allow a remote attacker to exhaust available memory resources, potentially resulting in a denial of service. What is the impact of this vulnerablility on HDFS client? If HDFS Client is impacted then what is the mitigation plan for that?
Regards, Deepti Sharma PMPĀ® & ITIL
