[KAFKA-12583] Upgrade of netty-codec due to CVE-2021-21295

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.7.0
    • 2.8.0
    • security
    • None

    Description

      Our security tool raised the following security flaw on Kafka 2.7: https://nvd.nist.gov/vuln/detail/CVE-2021-21295

      It is a vulnerability related to the jar netty-codec-4.1.51.Final.jar.

      Looking at the source code, netty-codec in the trunk and 2.7.0 branches is still vulnerable.

      Based on the netty issue tracker, the vulnerability is fixed in 4.1.60.Final: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
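
An added example, not part of the original report or of the Kafka project: a small scanner that walks an installation directory and flags netty-codec jars older than the 4.1.60.Final release cited above. The directory layout, every sample file name other than netty-codec-4.1.51.Final.jar, and the handling of non-Final qualifiers are assumptions.

```python
import re
import tempfile
from pathlib import Path

FIXED = (4, 1, 60)  # 4.1.60.Final, the fixed release cited in the issue

# Matches netty-codec and its submodule jars, e.g. netty-codec-4.1.51.Final.jar
JAR_RE = re.compile(
    r"^(netty-codec(?:-[a-z0-9]+)*)-(\d+)\.(\d+)\.(\d+)\.(\w+)\.jar$")


def classify(jar_name):
    """Return (artifact, version, qualifier, needs_upgrade), or None if not netty-codec."""
    m = JAR_RE.match(jar_name)
    if m is None:
        return None
    version = tuple(int(part) for part in m.group(2, 3, 4))
    qualifier = m.group(5)
    # Assumption: a non-Final build of the fixed version predates the fix.
    needs_upgrade = version < FIXED or (version == FIXED and qualifier != "Final")
    return m.group(1), version, qualifier, needs_upgrade


def scan(lib_dir):
    """List (relative path, version string) for every jar that needs an upgrade."""
    root = Path(lib_dir)
    findings = []
    for jar in sorted(root.rglob("*.jar")):
        info = classify(jar.name)
        if info and info[3]:
            ver = ".".join(map(str, info[1])) + "." + info[2]
            findings.append((jar.relative_to(root).as_posix(), ver))
    return findings


def demo():
    """Scan a constructed directory that mimics a broker's libs folder."""
    with tempfile.TemporaryDirectory() as tmp:
        libs = Path(tmp, "libs")  # hypothetical layout
        libs.mkdir()
        for name in ("netty-codec-4.1.51.Final.jar",        # jar named in the issue
                     "netty-codec-http2-4.1.59.Final.jar",  # constructed sample
                     "netty-buffer-4.1.51.Final.jar",       # constructed, not a codec jar
                     "kafka-clients-2.7.0.jar"):            # constructed sample
            (libs / name).touch()
        return scan(tmp)


if __name__ == "__main__":
    for path, version in demo():
        print(f"UPGRADE {path}: {version}, fixed in 4.1.60.Final")
```

Point `scan()` at a real installation directory to use it outside the demo; it inspects file names only, so jars repackaged inside a shaded or fat jar are not detected.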

            People

              ben.c Ben Chen
              dominique Dominique Mongelli