Vulnerability Fixing
To ensure the security of the production environment and reduce the risk of attacks, enable the firewall and periodically fix the following vulnerabilities:
- OS vulnerabilities
- JDK vulnerabilities
- Hadoop and Spark vulnerabilities
- ZooKeeper vulnerabilities
- Kerberos vulnerabilities
- openLooKeng vulnerabilities
- OpenSSL vulnerabilities
- Vulnerabilities in other components
The following uses CVE-2021-37137 as an example.
Vulnerability description:
In Netty versions earlier than 4.1.68.Final (the bundled copy here is Netty 4.1.17), the SnappyFrameDecoder does not restrict the length of a decompressed chunk and buffers reserved skippable chunks in full before handling them, so crafted Snappy-framed input, whether received over the network or read from a file, can drive memory consumption up until the service fails. The vulnerability ID is CVE-2021-37137.
With decoupled storage and compute, the system uses the hdfs-ceph service (version 3.2.0) as its object storage. That service depends on aws-java-sdk-bundle-1.11.375.jar, which carries the affected Netty and is therefore exposed to this vulnerability. Apply the fix promptly to keep attackers from exploiting it.
Impact:
Netty versions earlier than 4.1.68.Final; the fix is included in 4.1.68.Final.
Handling suggestion:
The Netty project has released a fixed version. Upgrade the bundled Netty, or the aws-java-sdk-bundle or Hadoop release that carries it, to a version that includes the fix. For details, see the advisory:
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
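Before and after applying such an upgrade, it helps to check which Netty version is actually inside the jars on the classpath rather than trusting the bundle name alone. The following script is an added example, not part of the openLooKeng or Netty projects. It assumes that a non-relocated Netty module leaves Maven metadata at `META-INF/maven/io.netty/<artifact>/pom.properties` inside the jar; a shaded bundle that strips that metadata is reported as "unknown" and must be inspected by hand. The sample jars built by `build_sample_jar` are constructed in memory for demonstration and are not real artifacts.

```python
import io
import os
import re
import zipfile

# CVE-2021-37137 is fixed in Netty 4.1.68.Final; anything below is flagged.
FIXED_NETTY_VERSION = (4, 1, 68)
# Assumed packaging layout: Maven metadata left by a non-relocated Netty module.
NETTY_POM_RE = re.compile(r"^META-INF/maven/io\.netty/([^/]+)/pom\.properties$")
NETTY_CLASS_PREFIX = "io/netty/"


def parse_version(version):
    """'4.1.17.Final' -> (4, 1, 17); the qualifier is ignored. None if unparsable."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)", version)
    return tuple(int(x) for x in m.groups()) if m else None


def netty_metadata(jar):
    """Collect Netty module versions from pom.properties entries and note
    whether any io.netty classes are present. `jar` is a path or file object."""
    versions = {}
    has_classes = False
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            m = NETTY_POM_RE.match(name)
            if m:
                props = zf.read(name).decode("utf-8", "replace")
                for line in props.splitlines():
                    key, _, value = line.partition("=")
                    if key.strip() == "version":
                        versions[m.group(1)] = value.strip()
            elif name.startswith(NETTY_CLASS_PREFIX) and name.endswith(".class"):
                has_classes = True
    return versions, has_classes


def assess_jar(jar):
    """Return (status, detail). status is one of 'vulnerable', 'fixed',
    'unknown' (Netty classes but no parsable version) or 'no-netty'."""
    versions, has_classes = netty_metadata(jar)
    if not versions:
        if has_classes:
            return ("unknown", "io.netty classes present but no Maven metadata; inspect manually")
        return ("no-netty", "")
    worst = None  # lowest version found across bundled Netty modules
    for artifact, version in versions.items():
        parsed = parse_version(version)
        if parsed is None:
            return ("unknown", f"{artifact} has unparsable version {version!r}")
        if worst is None or parsed < worst[1]:
            worst = (artifact, parsed, version)
    artifact, parsed, version = worst
    if parsed < FIXED_NETTY_VERSION:
        return ("vulnerable", f"{artifact} {version} is below 4.1.68.Final")
    return ("fixed", f"{artifact} {version}")


def scan_directory(root):
    """Assess every *.jar under root; returns {path: (status, detail)}."""
    results = {}
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.endswith(".jar"):
                path = os.path.join(dirpath, f)
                results[path] = assess_jar(path)
    return results


def build_sample_jar(entries):
    """Constructed in-memory jar for demonstration: entries is {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Constructed samples: one mimics a bundle carrying Netty 4.1.17.Final,
    # the other the same bundle after the upgrade.
    pom = "META-INF/maven/io.netty/netty-codec/pom.properties"
    cls = "io/netty/handler/codec/compression/SnappyFrameDecoder.class"
    old = build_sample_jar({pom: b"version=4.1.17.Final\n", cls: b"\xca\xfe\xba\xbe"})
    new = build_sample_jar({pom: b"version=4.1.68.Final\n", cls: b"\xca\xfe\xba\xbe"})
    for label, jar in (("before upgrade", old), ("after upgrade", new)):
        print(label, assess_jar(jar))
```

Run `scan_directory` against the Hadoop and openLooKeng library directories and treat every "vulnerable" or "unknown" result as work to do; the remediation is replacing the bundle with one that carries a fixed Netty, not editing class files inside the existing jar.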