Details
-
Bug
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
3.3.6
-
None
-
None
Description
Our SAST tool has picked up that the version of Netty 4.x used by Hadoop is vulnerable to Security Vulnerability - Common Weakness Enumeration (CWE) CWE-295 · Issue #9930 · netty/netty (github.com). Until Netty 5 is released (which will enable it by default), the remediation is to enable host name verification (SslContext (Netty API Reference (4.1.95.Final))).