You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Software vulnerability checker(Veracode) reports that netty-handler is vulnerable to Man-in-the-Middle attack. Issue description is provided below. Please let us know how to address this.
"netty-handler is vulnerable to man-in-the-middle attacks. The library uses an SSLEngine that does not verify certificate hostnames when establishing connections with clients by default. This allows an attacker to potentially intercept and modify network traffic in a successful man-in-the-middle attack."
Netty version - 4.1.43-FInal
JVM version (e.g. java -version) - 1.8
OS version (e.g. uname -a) - Windows / Unix
The text was updated successfully, but these errors were encountered:
Man-in-the-Middle vulnerability
Software vulnerability checker(Veracode) reports that netty-handler is vulnerable to Man-in-the-Middle attack. Issue description is provided below. Please let us know how to address this.
"netty-handler is vulnerable to man-in-the-middle attacks. The library uses an SSLEngine that does not verify certificate hostnames when establishing connections with clients by default. This allows an attacker to potentially intercept and modify network traffic in a successful man-in-the-middle attack."
Netty version - 4.1.43-FInal
JVM version (e.g.
java -version
) - 1.8OS version (e.g.
uname -a
) - Windows / UnixThe text was updated successfully, but these errors were encountered: