Dependency Bumps - Vulnerabilities
Summary
This merge request updates the core-lib-azure dependency version from 2.0.2 to 2.0.4 in the provider/search-azure module.
Changes
Dependencies
- Updated core-lib-azure version from 2.0.2 to 2.0.4 in provider/search-azure/pom.xml.
Security Impact
New Vulnerabilities
Medium Severity:
- CVE-2025-25193 (pom): A vulnerability in io.netty:netty-common version 4.1.116.Final introduced by the updated core-lib-azure dependency. This vulnerability could potentially cause a denial of service in Netty when an unsafe reading of an environment file occurs.
Fixed Vulnerabilities
High Severity:
- CVE-2025-24970 (pom): A vulnerability in io.netty:netty-handler version 4.1.115.Final related to improper packet validation in SslHandler, which could lead to a native crash when using the native SSLEngine. This vulnerability has been fixed in the updated core-lib-azure dependency.
Medium Severity:
- CVE-2025-25193 (pom): The same vulnerability in io.netty:netty-common version 4.1.115.Final has been fixed in the updated core-lib-azure dependency.
Vulnerability Comparison
Fixed Vulnerabilities
HIGH
- CVE-2025-24970 in io.netty:netty-handler 4.1.115.Final (provider/search-azure/pom.xml)
MEDIUM
- CVE-2025-25193 in io.netty:netty-common 4.1.115.Final (provider/search-azure/pom.xml