[jira] [Created] (HADOOP-18333) hadoop-client-runtime impact by CVE-2022-2047 due to shaded jetty

phoebe chen (Jira) Mon, 11 Jul 2022 16:27:06 -0700

phoebe chen created HADOOP-18333:
------------------------------------

             Summary: hadoop-client-runtime impact by CVE-2022-2047 due to 
shaded jetty
                 Key: HADOOP-18333
                 URL: https://issues.apache.org/jira/browse/HADOOP-18333
             Project: Hadoop Common
          Issue Type: Improvement
    Affects Versions: 3.3.3
            Reporter: phoebe chen



CVE-2022-2047 is recently found for Eclipse Jetty, and impacts 9.4.0 thru 
9.4.46.

In latest 3.3.3 of hadoop-client-runtime, it shaded 9.4.43.v20210629 version 
jetty which is impacted.

In Trunch, Jetty is in version 9.4.44.v20210927, which is still impacted.

Need to upgrade Jetty Version. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

[jira] [Created] (HADOOP-18333) hadoop-client-runtime impact by CVE-2022-2047 due to shaded jetty

Reply via email to