[Snyk: High] io.netty:netty-codec-http2 (Due 11/11/23)

[tmpayton]

io.netty:netty-codec-http2
Denial of Service (DoS)

VULNERABILITY
SCORE
661

Introduced through
org.flywaydb:flyway-commandline@9.22.0
Exploit maturity
MATURE
Show less detail
Detailed paths
Introduced through: unknown:unknown@0.0.0 › org.flywaydb:flyway-commandline@9.22.0 › software.amazon.awssdk:s3@2.20.94 › software.amazon.awssdk:netty-nio-client@2.20.94 › io.netty:netty-codec-http2@4.1.94.Final
Security information
Factors contributing to the scoring:
Snyk: CVSS 7.5 - High Severity

NVD: CVSS 7.5 - High Severity
Why are the scores different? Learn how Snyk evaluates vulnerability scores
Overview
io.netty:netty-codec-http2 is a HTTP2 sub package for the netty library, an event-driven asynchronous network application framework.

Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

Learn about this type of vulnerability

Action Items:

• upgrade flyway to latest

Completion Criteria:

• SNYK no longer flag this package as a vulnerability