Kafka / KAFKA-12583

Upgrade of netty-codec due to CVE-2021-21295

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.7.0
    • Fix Version/s: 2.8.0
    • Component/s: security
    • Labels:
      None

      Description

      Our security tool raised the following security flaw on Kafka 2.7: https://nvd.nist.gov/vuln/detail/CVE-2021-21295

      It is a vulnerability related to the jar netty-codec-4.1.51.Final.jar.

      Looking at the source code, the netty-codec in the trunk and 2.7.0 branches is still vulnerable.

      Based on the Netty issue tracker, the vulnerability is fixed in 4.1.60.Final: https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj
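
A check for the condition this ticket reports, as an added example that is not part of the original issue or of Kafka's own tooling: it flags Netty jars older than the 4.1.60.Final release named above by parsing jar file names. The function names, the `.Final` naming pattern with an optional classifier, and the sample listing are assumptions made for illustration.

```python
import re
from pathlib import Path

# Fixed release named in the ticket; jars below it are reported.
FIXED = (4, 1, 60)

# Matches names such as netty-codec-4.1.51.Final.jar, with an optional
# classifier suffix after ".Final" (assumed naming pattern).
JAR_RE = re.compile(
    r"^(netty-[a-z0-9-]+?)-(\d+)\.(\d+)\.(\d+)\.Final(?:-[\w-]+)?\.jar$"
)


def parse_netty_jar(name):
    """Return (artifact, (major, minor, patch)) or None for non-Netty jars."""
    m = JAR_RE.match(name)
    if not m:
        return None
    return m.group(1), tuple(int(x) for x in m.groups()[1:])


def outdated_netty_jars(names, fixed=FIXED):
    """Return sorted (artifact, version) pairs older than the fixed release."""
    hits = []
    for name in names:
        parsed = parse_netty_jar(name)
        # Compare as integer tuples so that 4.1.9 sorts below 4.1.60.
        if parsed and parsed[1] < fixed:
            hits.append((parsed[0], ".".join(map(str, parsed[1])) + ".Final"))
    return sorted(hits)


def scan_libs(libs_dir):
    """Scan a directory of jars (for example a Kafka libs directory)."""
    return outdated_netty_jars(p.name for p in Path(libs_dir).glob("*.jar"))


# Constructed sample listing, not taken from a real installation.
SAMPLE = [
    "kafka-clients-2.7.0.jar",
    "netty-codec-4.1.51.Final.jar",
    "netty-transport-native-epoll-4.1.51.Final-linux-x86_64.jar",
    "netty-handler-4.1.60.Final.jar",
    "netty-buffer-4.1.9.Final.jar",
]

if __name__ == "__main__":
    for artifact, version in outdated_netty_jars(SAMPLE):
        print(f"{artifact} {version} is older than 4.1.60.Final")
```

File names only show what is on disk; jars shaded into other artifacts need a dependency-tree or SBOM check instead.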

              People

              • Assignee:
                ben.c Ben Chen
                Reporter:
                dominique Dominique Mongelli