You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"summary": "Netty vulnerability included in redis lettuce",
"details": "### Summary\nNote: i'm reporting this in this way purely because it's private and i don't want to broadcast vulnerabilities.\n\n> An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115.\n\n### Details\nhttps://github.com/redis/lettuce/blob/main/pom.xml#L67C9-L67C53 The netty version pinned here is currently \n```\n<netty.version>4.1.113.Final</netty.version>\n```\nThis version is vulnerable according to Snyk and is affecting one of our products:\n\n\nHere is a [link](https://www.cve.org/CVERecord?id=CVE-2024-47535) to the CVE\n\n### PoC\n_Complete instructions, including specific configuration details, to reproduce the vulnerability._\nNot applicable\n\n### Impact\n_What kind of vulnerability is it? Who is impacted?_\nDenial of Service, affecting Windows users. ",
