Netty vulnerability included in redis lettuce
Moderate severity
GitHub Reviewed
Published
Dec 2, 2024
to the GitHub Advisory Database
•
Updated Dec 23, 2024
Package
Affected versions
< 6.5.1.RELEASE
Patched versions
6.5.1.RELEASE
Description
Published to the GitHub Advisory Database
Dec 2, 2024
Reviewed
Dec 2, 2024
Last updated
Dec 23, 2024
Summary
Note: i'm reporting this in this way purely because it's private and i don't want to broadcast vulnerabilities.
Details
https://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53 The netty version pinned here is currently
This version is vulnerable according to Snyk and is affecting one of our products:
Here is a link to the CVE
PoC
Complete instructions, including specific configuration details, to reproduce the vulnerability.
Not applicable
Impact
What kind of vulnerability is it? Who is impacted?
Denial of Service, affecting Windows users.
References