[jira] [Assigned] (RANGER-5024) Upgrade Jetty dependency to address CVE-2024-8184

Basapuram Kumar (Jira) Thu, 09 Jan 2025 19:09:39 -0800


     [ 
https://issues.apache.org/jira/browse/RANGER-5024?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Basapuram Kumar reassigned RANGER-5024:
---------------------------------------

    Assignee: Basapuram Kumar

> Upgrade Jetty dependency to address  CVE-2024-8184
> --------------------------------------------------
>
>                 Key: RANGER-5024
>                 URL: https://issues.apache.org/jira/browse/RANGER-5024
>             Project: Ranger
>          Issue Type: Improvement
>          Components: Ranger
>    Affects Versions: 2.4.0, 2.5.0
>            Reporter: Basapuram Kumar
>            Assignee: Basapuram Kumar
>            Priority: Major
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> CVE-2024-8184 reference [https://nvd.nist.gov/vuln/detail/CVE-2024-8184]
>  
> CVE Description
> There exists a security vulnerability in Jetty's 
> ThreadLimitHandler.getRemote() which can be exploited by unauthorized users 
> to cause remote denial-of-service (DoS) attack. By repeatedly sending crafted 
> requests, attackers can trigger OutofMemory errors and exhaust the server's 
> memory.
>  
> Suggesting to upgrade - 9.4.56.v20240826



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Assigned] (RANGER-5024) Upgrade Jetty dependency to address CVE-2024-8184

Reply via email to