Denial of Service (DoS) vulnerability in 4.1.60.Final

Open ronanwatkins opened this issue 4 years ago • 4 comments

Recommend upgrading netty.version to 4.1.68.Final in the pom. It's causing snyk to report high vulnerabilities from projects using this dependency.

More details: https://app.snyk.io/vuln/SNYK-JAVA-IONETTY-1584063

ronanwatkins avatar Oct 14 '21 15:10 ronanwatkins
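A consumer-side workaround while the upstream bump is pending, added here as an illustration and not part of this issue or the project's own pom: importing the Netty BOM under `dependencyManagement` pins every transitive `io.netty` artifact to 4.1.68.Final, overriding whatever version async-http-client declares. The async-http-client version below is a placeholder.

```xml
<project>
  <properties>
    <!-- Netty release that addresses CVE-2021-37136 / CVE-2021-37137 -->
    <netty.version>4.1.68.Final</netty.version>
  </properties>

  <dependencyManagement>
    <dependencies>
      <!-- BOM import: Maven resolves all io.netty:* artifacts to netty.version,
           even those pulled in transitively by async-http-client -->
      <dependency>
        <groupId>io.netty</groupId>
        <artifactId>netty-bom</artifactId>
        <version>${netty.version}</version>
        <type>pom</type>
        <scope>import</scope>
      </dependency>
    </dependencies>
  </dependencyManagement>

  <dependencies>
    <dependency>
      <groupId>org.asynchttpclient</groupId>
      <artifactId>async-http-client</artifactId>
      <!-- placeholder: use the version your project already depends on -->
      <version>X.Y.Z</version>
    </dependency>
  </dependencies>
</project>
```

Confirm the override took effect with `mvn dependency:tree -Dincludes=io.netty`, which should list no Netty artifact below 4.1.68.Final.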

I've opened this PR to address it: https://github.com/AsyncHttpClient/async-http-client/pull/1803

ronanwatkins avatar Oct 14 '21 15:10 ronanwatkins

Is there an update on this issue?

Need to resolve:

  • CVE-2021-37136
  • CVE-2021-37137

dari0g avatar Nov 04 '21 13:11 dari0g

Unfortunately, it seems like this project isn't getting much attention anymore. The last commit was 7 months ago and the previous maintainer tweeted that he doesn't have time to maintain this project anymore.

ronanwatkins avatar Nov 04 '21 14:11 ronanwatkins

Will we have a new maintainer since the previous maintainer does not have the availability to maintain it?

dari0g avatar Dec 07 '21 14:12 dari0g

Will be fixed in the v3.0.0 release.

hyperxpro avatar Jan 08 '23 16:01 hyperxpro