https://bugzilla.redhat.com/show_bug.cgi?id=1937364
--- Comment #12 from Jonathan Christison jochrist@redhat.com --- Marking Red Hat AMQ Online as having a low impact, although vulnerable versions of netty are distributed and used none of the affected functionality is ever exposed publicly, one of the prerequisites of this flaw is that an attacker has the ability to alter http requests, as netty in AMQ Online does not handle user HTTP requests this prerequisite is not present, another prerequisite of this flaw is malicious http2 requests later go onto be proxied eg. load balanced, neither is true in AMQ Online.