[ https://issues.apache.org/jira/browse/CASSANDRA-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bhargav Joshi updated CASSANDRA-16463: -------------------------------------- Resolution: (was: Invalid) Status: Open (was: Resolved) This is not limited to Datastax, CVE is part of io.netty bundle within cassandra libraries > high and critical CVEs io.netty to 4.1.42.Final to fix critical and high > vulnerabilities > ---------------------------------------------------------------------------------------- > > Key: CASSANDRA-16463 > URL: https://issues.apache.org/jira/browse/CASSANDRA-16463 > Project: Cassandra > Issue Type: Improvement > Components: Dependencies > Reporter: Bhargav Joshi > Priority: High > > Repository | Tag | CVE ID | Severity | Packages | Source Package | Package > Version | Fix Status > -- | -- | -- | -- | -- | -- | -- | -- > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20445 | critical | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44 > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20444 | critical | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44 > datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-16869 | high | > io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.42.Final -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org For additional commands, e-mail: commits-h...@cassandra.apache.org