[ 
https://issues.apache.org/jira/browse/KAFKA-17807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17891345#comment-17891345
 ] 

Vishal commented on KAFKA-17807:
--------------------------------

Hi [~chia7712], thanks for taking the time to look at it. Like Josep Prat 
mentioned, the fix is available only for CVE-2024-8184 (jetty-server).

Since the linked PR also addresses only 1 of the two CVEs, is it appropriate to 
mark this issue as resolved?

> Update jetty-http & jetty-server [CVE-2024-6763] [CVE-2024-8184]
> ----------------------------------------------------------------
>
>                 Key: KAFKA-17807
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17807
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 3.8.0, 3.7.1, 3.9.0
>            Reporter: Vishal
>            Assignee: Chia-Ping Tsai
>            Priority: Blocker
>
> # jetty-http
> [https://nvd.nist.gov/vuln/detail/CVE-2024-6763]
> Current jetty-http version: 9.4.54.v20240208
> Fix versions: 12.0.12
> # jetty-server
> jetty-server is vulnerable to 
> [https://nvd.nist.gov/vuln/detail/CVE-2024-8184]
> Current jetty-server version: 9.4.54.v20240208
> Fix versions: 10.0.24, 11.0.24, 12.0.9, 9.4.56
> I created this report after I got an automated notification from a security 
> image scanner.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)