Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-4456

Netty used by zookeeper 3.6.3 is vulnerable to CVE-2021-43797

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 3.6.3
    • None
    • security
    • None

    Description

      Hello everyone,

      I work for a product which uses apache/zookeeper 3.6.3.  We scanned our product with a security scanner which reported CVE-2019-17571, CVE-2021-37137, CVE-2021-37136

      After analysis we found that this vulnerability is coming from zookeeper 3.6.3 because of direct dependency on netty-buffer-4.1.63.Final.jar

       Could you please let us know is there any plan to update netty in coming versions

      Attachments

        Activity

          People

            Unassigned Unassigned
            anishakj Anisha K J
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: