Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-12400

Upgrade jetty to fix CVE-2020-27223

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 2.7.1, 2.6.2
    • Component/s: None
    • Labels:
      None

      Description

      CVE-2020-27223 Detail

      In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                dongjin Dongjin Lee
                Reporter:
                dongjin Dongjin Lee
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: