False positive on netty for CVE-2023-44487 (!26857) · Merge requests · GitLab.org / security-products / advisory-database · GitLab

The source project of this merge request has been removed.

Reicela Mackevica requested to merge (removed):nettyfp into master Jan 09, 2024

/maven/io.netty/netty/CVE-2023-44487.yml
/maven/io.netty/netty-all/CVE-2023-44487.yml
/maven/io.netty/netty-codec/CVE-2023-44487.yml

These are FP since only codec-http2 is affected by this CVE as better shown by this commit https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61

Other sources: https://github.com/advisories/GHSA-xpw8-rcwv-8f8p, https://security.snyk.io/vuln/SNYK-JAVA-IONETTY-5953332