Uploaded image for project: 'Talend Unified Platform'
  1. Talend Unified Platform
  2. TUP-22584

[CVE:high] Backend : pkg:maven/io.netty:netty-all:4.0.23.Final requires version upgrade

Apply templateInsert Lucidchart Diagram
    XMLWordPrintable

Details

    • Work Item
    • Status: Rejected
    • Critical
    • Resolution: Duplicate
    • None
    • None
    • None
    • All
    • GreenHopper Ranking:
      0|i1gqtv:
    • 9223372036854775807
    • Small

    Description

      What: this is security issue

      {{
      {
      "path": "Studio",
      "advisory": "CVE-2016-4970",
      "purl": "pkg:maven/io.netty:netty-all:4.0.23.Final",
      "severity": "high",
      "title": "handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and 4.1.x before 4.1.1.Final allows remote attackers to cause a denial of service (infinite loop).",
      "tool": "NVD",
      "jira": null,
      "audit": "2019-04-01",
      "context": {
      "findings": {
      "efd56af9-62c0-430b-84e7-f45fedd08060": {
      "5bb239a8-41a0-4de5-a61b-44933bd79d96": [

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/netty-common-4.0.33.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "9be459ab-dc01-4970-8bfa-48712bc6bde5", "Match type": "Exact", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-common:4.0.33.Final", "Archive context": "", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ,

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/netty-buffer-4.0.33.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "dc1cd099-082f-4da5-a391-60a58c1d4e06", "Match type": "Exact", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-buffer:4.0.33.Final", "Archive context": "", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ,

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/netty-codec-4.0.33.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "839e6f39-00cd-42b8-a876-01ded86d4092", "Match type": "Exact", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-codec:4.0.33.Final", "Archive context": "", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ,

      { "Path": "/io/", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "569d3a77-316f-44d1-bad7-6e1f8090e163", "Match type": "Files Modified", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-all:4.0.33.Final", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/spark-cassandra-connector-assembly-1.6.2-patched-20161017.jar!/", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ,

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/netty-transport-4.0.33.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "20770326-f383-469a-8911-2d4e773bb627", "Match type": "Exact", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-transport:4.0.33.Final", "Archive context": "", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ,

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.libraries.apache.cassandra_7.1.1.20181026_1147/lib/netty-handler-4.0.33.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "670ac1b3-51cb-4dc3-a690-061f28f667ac", "Match type": "Exact", "Version id": "5bb239a8-41a0-4de5-a61b-44933bd79d96", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-handler:4.0.33.Final", "Archive context": "", "Component version name": "4.0.33.Final", "Component policy status": "", "Component origin version name": "4.0.33.Final" }

      ],
      "8fe924a7-528d-4fe2-aac1-2869ca161777": [

      { "Path": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.emr450.jars_7.1.1.20181026_1147/lib/netty-all-4.0.23.Final.jar", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "2f2e1ba7-0371-4381-83c7-baf2ec502f7f", "Match type": "Exact", "Version id": "8fe924a7-528d-4fe2-aac1-2869ca161777", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-all:4.0.23.Final", "Archive context": "", "Component version name": "4.0.23.Final", "Component policy status": "", "Component origin version name": "4.0.23.Final" }

      ],
      "d5bc4c57-dc3a-4619-b94a-3e0e47a1346f": [

      { "Path": "/META-INF/native/libnetty-transport-native-epoll.so", "Usage": "DYNAMICALLY_LINKED", "Adjusted": "false", "Origin id": "d0d1c6c6-eb5d-408f-97db-aff91b3c9932", "Match type": "Exact", "Version id": "d5bc4c57-dc3a-4619-b94a-3e0e47a1346f", "Origin name": "maven", "Component id": "efd56af9-62c0-430b-84e7-f45fedd08060", "Match content": "", "Overridden By": "", "Component name": "Netty Project", "Origin name id": "io.netty:netty-all:4.0.29.Final", "Archive context": "/Talend-Studio-20181026_1147-V7.1.1/plugins/org.talend.hadoop.distribution.hdp250.jars_7.1.1.20181026_1147/lib/spark-streaming-kafka-assembly_2.10-1.6.2.2.5.0.0-1245.jar!/", "Component version name": "4.0.29.Final", "Component policy status": "", "Component origin version name": "4.0.29.Final" }

      ]
      }
      }
      },
      "uuid": "7f132048-3ef9-486e-997c-e8d3b7072742",
      "version": "7.1",
      "jira_slug": "TUP",
      "jira_component": null
      }
      }}

      Attachments

        Activity

          People

            nrousseau Nicolas Rousseau
            jmfrancois Jean-Michel Francois
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: