Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-18333

hadoop-client-runtime impact by CVE-2022-2047 CVE-2022-2048 due to shaded jetty

    XMLWordPrintableJSON

Details

    • Reviewed

    Description

      CVE-2022-2047 and CVE-2022-2048 is recently found for Eclipse Jetty, and impacts 9.4.0 thru 9.4.46.

      In latest 3.3.3 of hadoop-client-runtime, it shaded 9.4.43.v20210629 version jetty which is impacted.

      In Trunk, Jetty is in version 9.4.44.v20210927, which is still impacted.

      Need to upgrade Jetty Version. 

      Attachments

        Issue Links

          is duplicated by

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-18343 upgrade to jetty 9.4.48 due to CVE

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link GitHub Pull Request #4553

          Web Link GitHub Pull Request #4583

          Web Link GitHub Pull Request #4600

          Activity

            People

              groot Ashutosh Gupta
              phoebemaomao phoebe chen
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 50m
                  1h 50m