[ https://issues.apache.org/jira/browse/KAFKA-17807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17891522#comment-17891522 ]
Chia-Ping Tsai commented on KAFKA-17807:
----------------------------------------

[~vishaln] You’re right, I’ve updated the title. Additionally, KAFKA-16437 will upgrade Jetty from version 9 (EOL) to 12 (active) to address the remaining CVE (https://nvd.nist.gov/vuln/detail/CVE-2024-6763).

> Update jetty-http & jetty-server [CVE-2024-8184]
> ------------------------------------------------
>
>                 Key: KAFKA-17807
>                 URL: https://issues.apache.org/jira/browse/KAFKA-17807
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 3.8.0, 3.7.1, 3.9.0
>            Reporter: Vishal
>            Assignee: Chia-Ping Tsai
>            Priority: Blocker
>
> # jetty-http
> [https://nvd.nist.gov/vuln/detail/CVE-2024-6763]
> Current jetty-http version: 9.4.54.v20240208
> Fix versions: 12.0.12
> # jetty-server
> jetty-server, is vulnerable to
> [https://nvd.nist.gov/vuln/detail/CVE-2024-8184]
> current jetty-server version: 9.4.54.v20240208
> Fix Version : 10.0.24, 11.0.24, 12.0.9, 9.4.56
> I created this report after I got an automated notification from a security
> image scanner.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)