[ 
https://issues.apache.org/jira/browse/CASSANDRA-17326?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17486339#comment-17486339
 ] 

Ori Prog commented on CASSANDRA-17326:
--------------------------------------

Dear Benedict,
We don’t have an example for any actual attack of a specific CVE. Could you 
please clarify “The project regularly audits our exposure to CVEs”.
Do you scan Cassandra with your scanner and it is not exposed?
What tool do you use for the scans - OWASP Dependency Check or something else?

> Security Bug
> ------------
>
>                 Key: CASSANDRA-17326
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17326
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Dependencies
>            Reporter: Ori Prog
>            Priority: Normal
>
> The Cassandra 3.11.11 uses _netty-all-4.0.44.Final.jar_
> This library has the following CVEs. {*}Part of these CVEs are critical{*}!
> Please upgrade to 4.1.71.Final
> CVE-2019-20445
> CVE-2019-20444
> CVE-2019-16869
> CVE-2020-7238
> CVE-2021-37136
> CVE-2021-37137
> CVE-2021-21409
> CVE-2021-43797
> CVE-2021-21295
> CVE-2021-21290



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
