[
https://issues.apache.org/jira/browse/CASSANDRA-17170?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17455232#comment-17455232
]
Brandon Williams commented on CASSANDRA-17170:
----------------------------------------------
See the linked ticket for this.
> Found Third Party Software vulnerabilities/security issue in 3.11.11
> ---------------------------------------------------------------------
>
> Key: CASSANDRA-17170
> URL: https://issues.apache.org/jira/browse/CASSANDRA-17170
> Project: Cassandra
> Issue Type: Bug
> Reporter: Amol Nawale
> Priority: Normal
>
> we have found below vulnerabilities in Cassandra 3.11.11.zip during security
> scan.
> Could you please help us to resolve those?
> | [sonatype-2021-1175] [logback-core] [1.1.3]|
> | [CVE-2021-37137] [netty-all] [4.0.44.Final]|
> | [sonatype-2021-1425] [thrift] [0.9.3]|
> | [sonatype-2020-1031] [netty-all] [4.0.44.Final]|
> | [CVE-2020-13949] [libthrift] [0.9.2]|
> | [sonatype-2020-0029] [netty-all] [4.0.44.Final]|
> | [CVE-2020-7238] [netty-all] [4.0.44.Final]|
> | [CVE-2019-20444] [netty-all] [4.0.44.Final]|
> | [CVE-2019-20445] [netty-all] [4.0.44.Final]|
> | [CVE-2017-18640] [snakeyaml] [1.11]|
> | [CVE-2019-16869] [netty-all] [4.0.44.Final]|
> | [CVE-2019-0205] [thrift] [0.9.3]|
> | [CVE-2018-1320] [libthrift] [0.9.2]|
> | [CVE-2017-5929] [logback-classic] [1.1.3]|
> |*[sonatype-2017-0312] [jackson-databind] [2.9.10.8]*|
>
>
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
