Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

GHSA-xpw8-rcwv-8f8p Analysis of vulnerability - Quesnelia

Description

Severity: High
Link: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
Package Name: io.netty_netty-codec-http2
Current versions: 4.1.78.Final / fixed in 4.1.100.Final

Modules impacted:

  1. mod-event-config 2.7.0

  2. mod-user-import 3.8.0

  3. mod-data-export-worker 3.2.2

Note: an analysis of CVE for other modules/versions of modules was performed in scope of https://folio-org.atlassian.net/browse/SECURITY-46

Checklist

hide

Activity

Show:

Julian Ladisch May 3, 2024 at 9:22 AM

This is an HTTP/2 issue therefore only Okapi and edge modules can be affected.

Beckend modules are not affected.

The description lists backend modules only, therefore this issue can be closed.

Unresolved

Details

Assignee

Reporter

Priority

RCA Group

TBD

Labels

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs
Created April 18, 2024 at 5:05 PM
Updated May 23, 2024 at 3:42 PM
TestRail: Cases
TestRail: Runs