Dongjin Lee created KAFKA-12400:
-----------------------------------

             Summary: Upgrade jetty to fix CVE-2020-27223
                 Key: KAFKA-12400
                 URL: https://issues.apache.org/jira/browse/KAFKA-12400
             Project: Kafka
          Issue Type: Improvement
            Reporter: Dongjin Lee
            Assignee: Dongjin Lee
             Fix For: 2.8.0, 2.7.1, 2.6.2


h3. CVE-2020-27223 Detail

In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 
11.0.0 when Jetty handles a request containing multiple Accept headers with a 
large number of quality (i.e. q) parameters, the server may enter a denial of 
service (DoS) state due to high CPU usage processing those quality values, 
resulting in minutes of CPU time exhausted processing those quality values.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
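
A check for Jetty jars that fall in the version ranges quoted in the CVE text above, as an added example that is not part of the Jira message or of Kafka's code. The jar-name pattern and the sample listing are assumptions constructed for illustration; only the version bounds come from the message.

```python
import re

# Affected versions exactly as listed in the CVE-2020-27223 text above.
RANGE_LOW, RANGE_HIGH = (9, 4, 6), (9, 4, 36)  # both ends inclusive
EXACT = {(10, 0, 0), (11, 0, 0)}

# Assumed jar naming: jetty-<artifact>-<major>.<minor>.<patch>[.<qualifier>].jar
JAR_RE = re.compile(
    r"^(jetty-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z0-9]+))?\.jar$"
)

def parse_jar(name):
    """Return (artifact, (major, minor, patch), qualifier), or None if not a Jetty jar."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4)), m.group(5)

def is_affected(version, qualifier=None):
    """True or False per the listed versions; None when the text does not decide."""
    if RANGE_LOW <= version <= RANGE_HIGH:
        return True
    if version in EXACT:
        # The text names 10.0.0 and 11.0.0 only. A build with a qualifier
        # (for example a beta) is not covered by it, so report it as undecided.
        return True if qualifier is None else None
    return False

def scan(jar_names):
    """Map each Jetty jar name to True, False or None (undecided); skip other jars."""
    results = {}
    for name in jar_names:
        parsed = parse_jar(name)
        if parsed:
            _, version, qualifier = parsed
            results[name] = is_affected(version, qualifier)
    return results

# Constructed sample listing of a broker's libs directory.
SAMPLE_LIBS = [
    "jetty-server-9.4.36.v20210114.jar",
    "jetty-http-9.4.38.v20210224.jar",
    "jetty-util-9.4.5.v20170502.jar",
    "jetty-client-10.0.0.jar",
    "jetty-io-11.0.0.beta3.jar",
    "kafka-clients-2.7.0.jar",
]

if __name__ == "__main__":
    for jar, verdict in scan(SAMPLE_LIBS).items():
        print(f"{jar}: {verdict}")
```
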
