Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18825

Address Netty 4.x / CWE-295 by configuring hostname verification

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Open
    • Minor
    • Resolution: Unresolved
    • 3.3.6
    • None
    • security
    • None

    Description

      Our SAST tool has picked up that the version of Netty 4.x used by Hadoop is vulnerable to Security Vulnerability - Common Weakness Enumeration (CWE) CWE-295 · Issue #9930 · netty/netty (github.com). Until Netty 5 is released (which will enable it by default), the remediation is to enable host name verification (SslContext (Netty API Reference (4.1.95.Final))).

      Attachments

        Activity

          People

            Unassigned Unassigned
            ess-truveta Eugene Shinn (Truveta)
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated: