High severity7.4NVD Advisory· Published Oct 4, 2023· Updated Jun 17, 2026
CVE-2023-4586
CVE-2023-4586
Description
A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.netty:netty-handlerMaven | >= 4.1.0.Final, <= 4.1.99.Final | — |
Affected products
23- Red Hat/Red Hat Data Grid 8.4.6v5cpe:/a:redhat:jboss_data_grid:8
- osv-coords22 versionspkg:apk/chainguard/elasticsearch-7pkg:apk/chainguard/elasticsearch-7-bitnamipkg:apk/chainguard/elasticsearch-7-iamguardedpkg:apk/chainguard/keycloakpkg:apk/chainguard/keycloak-bitnami-compatpkg:apk/chainguard/keycloak-compatpkg:apk/chainguard/keycloak-iamguarded-compatpkg:apk/chainguard/wavefront-proxypkg:apk/chainguard/wavefront-proxy-compatpkg:apk/chainguard/wavefront-proxy-configpkg:apk/chainguard/wavefront-proxy-licensespkg:apk/chainguard/wavefront-proxy-oci-entrypointpkg:apk/wolfi/keycloakpkg:apk/wolfi/keycloak-bitnami-compatpkg:apk/wolfi/keycloak-compatpkg:apk/wolfi/keycloak-iamguarded-compatpkg:apk/wolfi/wavefront-proxypkg:apk/wolfi/wavefront-proxy-compatpkg:apk/wolfi/wavefront-proxy-configpkg:apk/wolfi/wavefront-proxy-licensespkg:apk/wolfi/wavefront-proxy-oci-entrypointpkg:maven/io.netty/netty-handler
< 7.17.14-r2+ 21 more
- (no CPE)range: < 7.17.14-r2
- (no CPE)range: < 7.17.14-r2
- (no CPE)range: < 7.17.14-r2
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 26.1.4-r0
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: < 13.3-r1
- (no CPE)range: >= 4.1.0.Final, <= 4.1.99.Final
Patches
Vulnerability mechanics
References
8- access.redhat.com/security/cve/CVE-2023-4586nvdThird Party AdvisoryWEB
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-57m8-f3v5-hm5mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-4586ghsaADVISORY
- docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLParameters.htmlghsaWEB
- github.com/netty/netty/issues/8537ghsaWEB
- security.snyk.io/vuln/SNYK-JAVA-IONETTY-1042268ghsaWEB
- access.redhat.com/errata/RHSA-2023:7676nvd
News mentions
0No linked articles in our index yet.