Details
-
Bug
-
Status: Resolved
-
Major
-
Resolution: Duplicate
-
3.6.3
-
None
-
None
Description
Hello everyone,
I work for a product which uses apache/zookeeper 3.6.3. We scanned our product with a security scanner which reported below security issues. After analysis we found that this vulnerability is coming from zookeeper 3.6.3 because of direct dependency on jetty-io-9.4.39.v20210325.jar
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | 9.4.39.v20210325 | CVE-2021-34429 | MEDIUM | 5.3 | MEDIUM |
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | 9.4.39.v20210325 | CVE-2021-34428 | LOW | 3.5 | LOW |
Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server | 9.4.39.v20210325 | CVE-2021-28169 | MEDIUM | 5.3 | MEDIUM |
Could you please let us know is there any plan to update jetty in coming versions