[jira] [Commented] (KAFKA-15503) CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1

Satish Duggana (Jira) Mon, 25 Sep 2023 10:41:03 -0700


    [ 
https://issues.apache.org/jira/browse/KAFKA-15503?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17768810#comment-17768810
 ]


Satish Duggana commented on KAFKA-15503:
----------------------------------------

https://github.com/apache/kafka/pull/10526 is cherrypicked to 3.6 branch.

> CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 
> 12.0.1
> ----------------------------------------------------------------------------------
>
>                 Key: KAFKA-15503
>                 URL: https://issues.apache.org/jira/browse/KAFKA-15503
>             Project: Kafka
>          Issue Type: Bug
>    Affects Versions: 3.6.0
>            Reporter: Rafael Rios Saavedra
>            Assignee: Divij Vaidya
>            Priority: Major
>              Labels: CVE, security
>             Fix For: 3.6.0
>
>
> CVE-2023-40167 and CVE-2023-36479 vulnerabilities affects Jetty version 
> {*}9.4.51{*}. For more information see 
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167] 
> [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-364749] 
> Upgrading to Jetty version *9.4.52, 10.0.16, 11.0.16, 12.0.1* should address 
> this issue.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Commented] (KAFKA-15503) CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1

Reply via email to