[jira] [Commented] (RANGER-5024) Upgrade Jetty dependency to address CVE-2024-8184

Abhishek Kumar (Jira) Fri, 24 Jan 2025 16:37:05 -0800


    [ 
https://issues.apache.org/jira/browse/RANGER-5024?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17916870#comment-17916870
 ]


Abhishek Kumar commented on RANGER-5024:
----------------------------------------

Thank you for the patch, this has been merged in 
[ranger-2.6|https://github.com/apache/ranger/commit/4bb0133]

> Upgrade Jetty dependency to address  CVE-2024-8184
> --------------------------------------------------
>
>                 Key: RANGER-5024
>                 URL: https://issues.apache.org/jira/browse/RANGER-5024
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 2.4.0, 2.5.0
>            Reporter: Basapuram Kumar
>            Assignee: Basapuram Kumar
>            Priority: Major
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> CVE-2024-8184 reference [https://nvd.nist.gov/vuln/detail/CVE-2024-8184]
>  
> CVE Description
> There exists a security vulnerability in Jetty's 
> ThreadLimitHandler.getRemote() which can be exploited by unauthorized users 
> to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted 
> requests, attackers can trigger OutofMemory errors and exhaust the server's 
> memory.
>  
> Suggesting to upgrade - 9.4.56.v20240826



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (RANGER-5024) Upgrade Jetty dependency to address CVE-2024-8184

Reply via email to