[KAFKA-15001] CVE vulnerabilities in Jetty - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Task
Status: Open
Priority: Critical
Resolution: Unresolved
Affects Version/s: 3.4.0, 3.3.2
Fix Version/s: 3.5.1, 3.4.2
Component/s: None
Labels:
None

Description

Kafka is using org.eclipse.jetty_jetty-server and org.eclipse.jetty_jetty-io version 9.4.48.v20220622 where 3 moderate and medium vulnerabilities have been reported.

Moderate CVE-2023-26048 in org.eclipse.jetty_jetty-server
Medium CVE-2023-26049 in org.eclipse.jetty_jetty-io
Medium CVE-2023-26048 in org.eclipse.jetty_jetty-io

These are fixed in jetty versions 11.0.14, 10.0.14, 9.4.51 and Kafka should use the same.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Arushi Rai

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 17/May/23 15:15

Updated:: 25/Sep/23 17:40