CVE in Netty Dependencies being used.
g2vinay opened this issue · 1 comments
g2vinay commented
Hello,
Following High Severity CVEs are present in the Netty Dependencies being used by async-http-client:2.12.3
CVE-2021-37136 https://nvd.nist.gov/vuln/detail/CVE-2021-37136
(BDSA-2021-2832) and CVE-2021-37137 https://nvd.nist.gov/vuln/detail/CVE-2021-37137
(BDSA-2021-2831)
Upgrading Netty Dependencies to version 4.1.72.Final should resolve the issue.
This issue is currently impacting our customers, so if you could upgrade the dependencies and do a patch release that would be great.
hyperxpro commented
Will be fixed in the v3.0.0 release.