Hi Team
Search Guard plugin contains references to Netty codec which has been reported as affected by CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
I’m trying to search additional information for this security vulnerability, but it is really hard as it affects overal the HTTP/2 protocol.
Can you confirm if the Search Guard plugin is affected and is so, on which version it was addressed?
Thanks in advance.
Best regards.