[ https://issues.apache.org/jira/browse/FELIX-6569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17613452#comment-17613452 ]
Akanksha Jain commented on FELIX-6569:
--------------------------------------
[~cziegeler]
I have updated the jetty version in [Apache Felix Http Jetty|https://github.com/apache/felix-dev/tree/master/http/jetty-4.x]
PR: [https://github.com/apache/felix-dev/pull/175]
Request you to review the PR and if it looks good, please merge the changes.
> Felix embeds vulnerable version of Jetty (CVE-2022-2048)
> --------------------------------------------------------
>
> Key: FELIX-6569
> URL: https://issues.apache.org/jira/browse/FELIX-6569
> Project: Felix
> Issue Type: Bug
> Reporter: Akanksha Jain
> Priority: Major
>
> Vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2022-2048]
> Description:
> [https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j]
>
> Summary:
> Felix version <= 4.2.1 uses Jetty version < 9.4.46 which is vulnerable to
> CVE-2022-2048.
> The fix for the above vulnerability is available in Jetty version 9.4.47,
> 10.0.10, 11.0.10.