Kafka / KAFKA-12400

Upgrade jetty to fix CVE-2020-27223

Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.8.0, 2.7.1, 2.6.2
    • Component/s: None
    • Labels: None

    Description

      CVE-2020-27223 Detail

      In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0.0, and 11.0.0 when Jetty handles a request containing multiple Accept headers with a large number of quality (i.e. q) parameters, the server may enter a denial of service (DoS) state due to high CPU usage processing those quality values, resulting in minutes of CPU time exhausted processing those quality values.

            People

              Assignee: Dongjin Lee (dongjin)
              Reporter: Dongjin Lee (dongjin)
              Votes: 0
              Watchers: 3
