[jira] [Created] (KAFKA-15503) CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1

Satish Duggana (Jira) Mon, 25 Sep 2023 10:40:16 -0700

Satish Duggana created KAFKA-15503:
--------------------------------------

             Summary: CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 
10.0.16, 11.0.16, 12.0.1
                 Key: KAFKA-15503
                 URL: https://issues.apache.org/jira/browse/KAFKA-15503
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 2.7.0, 2.6.1, 3.4.1, 3.6.0, 3.5.1
            Reporter: Rafael Rios Saavedra
            Assignee: Divij Vaidya
             Fix For: 2.8.0, 2.7.1, 2.6.2, 3.0.0



CVE-2023-40167 and CVE-2023-36479 vulnerabilities affects Jetty version 
{*}9.4.51{*}. For more information see 
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40167] 
[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-364749] 

Upgrading to Jetty version *9.4.52, 10.0.16, 11.0.16, 12.0.1* should address 
this issue.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Created] (KAFKA-15503) CVE-2023-40167, CVE-2023-36479 - Upgrade jetty to 9.4.52, 10.0.16, 11.0.16, 12.0.1

Reply via email to