Skip to:

Skip to Jira Navigation
Skip to Side Navigation
Skip to Main Content

CVE-2023-34455 snappy-java OOM. Analysis of vulnerability

Description

Severity: High
Modules impacted:

mod-entities-links Spitfire
mod-search Spitfire
mod-remote-storage Volaris

Link: https://nvd.nist.gov/vuln/detail/CVE-2023-34455

Package Name: org.xerial.snappy_snappy-java

Fixed in fixed in 1.1.10.1

Linked issues

is continued by

CVE-2023-34455 snappy-java - Analysis of vulnerability - Quesnelia

is defined by

RMB 35.1.1, folio-di-support 2.0.1, kafka-clients 3.6.0

Java 17, upgrade dependencies for Poppy

Kafka 3.5.1, snappy-java 1.1.10.1 fixing vulns

Kafka 3.5.1, snappy-java 1.1.10.1 fixing vulns

Spring Boot 3.1.5, Kafka 3.5.1, mod-pubsub-client 2.12.2

Spring Boot 3.1.8, Kafka 3.6.1, folio-spring-base 7.2.2

Checklist

hide

TestRail: Results

Activity

Show:

Denis November 17, 2023 at 11:46 AM

Hi
from scan results we see that there are additional modules potentially impacted by CVE. Could you please check?

mod-data-export-spring Firebird
mod-data-export-worker Firebird
mod-bulk-operations Firebird
mod-service-interaction K-Int
mod-agreements Bienenvolk (fka ERM)
mod-licenses Bienenvolk (fka ERM)
mod-quick-marc Spitfire

cc

Done

Details

Assignee

Unassigned

Reporter

Denis

Priority

P2

RCA Group

TBD

Labels

securitysecurity-reviewed

TestRail: Cases

Open TestRail: Cases

TestRail: Runs

Open TestRail: Runs

Created November 1, 2023 at 9:04 PM

Updated May 3, 2024 at 10:02 AM

Resolved November 9, 2023 at 4:54 PM

TestRail: Cases

TestRail: Runs