[jira] [Commented] (CASSANDRA-16463) high and critical CVEs io.netty to 4.1.42.Final to fix critical and high vulnerabilities

Tue, 23 Feb 2021 06:51:05 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17289115#comment-17289115
 ] 

Bhargav Joshi commented on CASSANDRA-16463:
-------------------------------------------

Cassandra on dockerhub also has the same CVEs

> high and critical CVEs io.netty to 4.1.42.Final to fix critical and high 
> vulnerabilities
> ----------------------------------------------------------------------------------------
>
>                 Key: CASSANDRA-16463
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-16463
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Dependencies
>            Reporter: Bhargav Joshi
>            Priority: High
>
> Repository | Tag | CVE ID | Severity | Packages | Source Package | Package 
> Version | Fix Status
> -- | -- | -- | -- | -- | -- | -- | --
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20445 | critical | 
> io.netty_netty-all |   | 4.0.44.Final | fixed in 4.1.44
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20444 | critical | 
> io.netty_netty-all |   | 4.0.44.Final | fixed in 4.1.44
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-16869 | high | 
> io.netty_netty-all |   | 4.0.44.Final | fixed in 4.1.42.Final



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to