netty-common-4.1.114.Final vulnerability
Whitesource (Mend) Scan as of 12/2024:
yajsw v13.13
CVSS 3 Score: 5.5 CVSS 2 Score 5.5
Found in: yajsw\lib\core\netty\netty-common-4.1.114.Final.jar
CVE-2024-47535 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535
“Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on a Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.”
jre8 continues to live (being patched with jre11 and up). Please consider yajsw v13.14 with the netty* updated. Thank you.
thanks for pointing this out.
yes. next release will support jdk8 and resolve this issue.
Any expected date on the 13.14 GA?
CVE detected: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25193
Fix is available in Netty:4.1.118 Final
Last edit: Ravi Raj 2025-02-17
netty* v4.1.118 is included with yajsw v13.15. Thank you, rzo!