  1. Kafka
  2. KAFKA-15503

CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.6.0
    • 3.6.0
    • None

    Description

      The CVE-2023-40167 and CVE-2023-36479 vulnerabilities affect Jetty version 9.4.51. For more information, see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167 and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-364749

      Upgrading to Jetty version 9.4.52, 10.0.16, 11.0.16, 12.0.1 should address this issue.

          Activity

            satish.duggana Satish Duggana added a comment -

            https://github.com/apache/kafka/pull/10526 is cherry-picked to the 3.6 branch.

            People

              divijvaidya Divij Vaidya
              rafariossaa Rafael Rios Saavedra