async-http-client icon indicating copy to clipboard operation
async-http-client copied to clipboard

Published 20 hours ago verified publisher icon AsyncHttpClient

CVE in Netty Dependencies being used.

Open g2vinay opened this issue 3 years ago • 0 comments

Hello,

Following High Severity CVEs are present in the Netty Dependencies being used by async-http-client:2.12.3

CVE-2021-37136 https://nvd.nist.gov/vuln/detail/CVE-2021-37136 (BDSA-2021-2832) and CVE-2021-37137 https://nvd.nist.gov/vuln/detail/CVE-2021-37137 (BDSA-2021-2831)

Upgrading Netty Dependencies to version 4.1.72.Final should resolve the issue.

This issue is currently impacting our customers, so if you could upgrade the dependencies and do a patch release that would be great.

g2vinay avatar Dec 28 '21 10:12 g2vinay