[
https://issues.apache.org/jira/browse/KAFKA-15487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Rafael Rios Saavedra updated KAFKA-15487:
-----------------------------------------
Description:
CVE-2023-40167 and CVE-2023-36479 vulnerabilities affects Jetty version
{*}9.4.51{*}. For more information see
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167]
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-364749]
Upgrading to Jetty version *9.4.52, 10.0.16, 11.0.16, 12.0.1* should address
this issue.
was:
*CVE-2021-28165* vulnerability affects Jetty versions up to *9.4.38*. For more
information see [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28165]
Upgrading to Jetty version *9.4.39* should address this issue
([https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325)|https://github.com/eclipse/jetty.project/releases/tag/jetty-9.4.39.v20210325].
> CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16,
> 12.0.1
> ----------------------------------------------------------------------------------
>
> Key: KAFKA-15487
> URL: https://issues.apache.org/jira/browse/KAFKA-15487
> Project: Kafka
> Issue Type: Bug
> Affects Versions: 2.7.0, 2.6.1
> Reporter: Rafael Rios Saavedra
> Assignee: Dongjin Lee
> Priority: Major
> Labels: CVE, security
> Fix For: 2.8.0, 2.7.1, 2.6.2, 3.0.0
>
>
> CVE-2023-40167 and CVE-2023-36479 vulnerabilities affects Jetty version
> {*}9.4.51{*}. For more information see
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167]
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-364749]
> Upgrading to Jetty version *9.4.52, 10.0.16, 11.0.16, 12.0.1* should address
> this issue.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
