[
https://issues.apache.org/jira/browse/CASSANDRA-20504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17940019#comment-17940019
]
Stefan Miklosovic commented on CASSANDRA-20504:
-----------------------------------------------
Updating to 4.1.119 in CASSANDRA-20314 would automatically resolve
CCVE-2024-47535 and CVE-2025-25193 for 5.0 and trunk branches.
For 4.1 and 4.0 we still need to suppress.
> Handle CVE-2024-47535 and CVE-2025-25193
> ----------------------------------------
>
> Key: CASSANDRA-20504
> URL: https://issues.apache.org/jira/browse/CASSANDRA-20504
> Project: Apache Cassandra
> Issue Type: Task
> Components: Build
> Reporter: Stefan Miklosovic
> Assignee: Stefan Miklosovic
> Priority: Normal
> Fix For: 4.0.x, 4.1.x, 5.0.x, 5.x
>
>
> These seem to be exploitable on Windows only, hence we can suppress.
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-47535
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-25193
> trunk - suppress CVE-2024-47535 and CVE-2025-25193
> 5.0 - suppress CVE-2024-47535 and CVE-2025-25193
> 4.1 - suppress CVE-2025-25193
> 4.0 - suppress CVE-2025-25193
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org
