CVE-2023-4586

[Horcrux7]

The library netty-handler@4.1.97.Finalis flag as vulnerability CVE-2023-4586 since some days. see also: jeremylong/DependencyCheck#5912

Because this is a reserved CVE there are no information available. I have some questions

• Is this a false positive hit for "netty-handler"?
• If this is a real hit, will there be a fix for version 4.x or only for version 5.x?

[chrisvest]

We didn't reserve it, and don't know who did.

SonaType, for some reason, apparently has more details: https://ossindex.sonatype.org/vulnerability/CVE-2023-4586?component-type=maven&component-name=io.netty%2Fnetty-handler

So that tells us it's #8537.