[jira] [Created] (KAFKA-16825) CVE vulnerabilities in Jetty and netty

mooner (Jira) Wed, 22 May 2024 23:17:08 -0700

mooner created KAFKA-16825:
------------------------------

             Summary: CVE vulnerabilities in Jetty and netty
                 Key: KAFKA-16825
                 URL: https://issues.apache.org/jira/browse/KAFKA-16825
             Project: Kafka
          Issue Type: Task
    Affects Versions: 3.7.0
            Reporter: mooner



There is a vulnerability (CVE-2024-29025) in the passive dependency software 
Netty used by Kafka, which has been fixed in version 4.1.108.Final.

There is also a vulnerability (CVE-2024-22201) in the passive dependency 
software Jetty, which has been fixed in version 9.4.54.v20240208.

When will Kafka upgrade the versions of Netty and Jetty to fix these two 
vulnerabilities?

Reference website:

https://nvd.nist.gov/vuln/detail/CVE-2024-29025

https://nvd.nist.gov/vuln/detail/CVE-2024-22201



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-16825) CVE vulnerabilities in Jetty and netty

Reply via email to