[jira] [Updated] (FLUME-3388) Jetty(6.1.26) is vulnerable to vulnerability attack

Mon, 22 Mar 2021 00:16:21 -0700 


     [ 
https://issues.apache.org/jira/browse/FLUME-3388?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Confuse updated FLUME-3388:
---------------------------
    Description: 
Flume source codes depends jetty jar,as shown in the dependency tree figure 
below:

!image-2021-03-22-15-08-46-549.png!

But jetty 6.1.26 jar has many vulnerabilities,which make the user's business 
vulnerable to hackers. So, can we upgrade jetty jar to a version without 
vulnerabilities or latest version?

 

Vulnerabilities:CVE-2020-8908、CVE-2017-7657、CVE-2017-9735、CVE-2020-27216、CVE-2011-4461、CVE-2009-1523、CVE-2017-7656、CVE-2017-7658、CVE-2019-10246、CVE-2019-10241、CVE-2017-7657、CVE-2017-9735、CVE-2017-7656、CVE-2017-7658、CVE-2020-27216、CVE-2009-1523、CVE-2011-4461

  was:
Flume source codes depends jetty jar,as shown in the dependency tree figure 
below:

!image-2021-03-22-15-08-46-549.png!

but jetty 6.1.26 jar has many vulnerabilities,which make the user's business 
vulnerable to hackers. So, can we upgrade jetty jar to a version without 
vulnerabilities or latest version?


> Jetty(6.1.26) is vulnerable to vulnerability attack
> ---------------------------------------------------
>
>                 Key: FLUME-3388
>                 URL: https://issues.apache.org/jira/browse/FLUME-3388
>             Project: Flume
>          Issue Type: Dependency upgrade
>          Components: Sinks+Sources
>    Affects Versions: 1.9.0
>            Reporter: Confuse
>            Priority: Major
>         Attachments: image-2021-03-22-15-08-46-549.png
>
>
> Flume source codes depends jetty jar,as shown in the dependency tree figure 
> below:
> !image-2021-03-22-15-08-46-549.png!
> But jetty 6.1.26 jar has many vulnerabilities,which make the user's business 
> vulnerable to hackers. So, can we upgrade jetty jar to a version without 
> vulnerabilities or latest version?
>  
> Vulnerabilities:CVE-2020-8908、CVE-2017-7657、CVE-2017-9735、CVE-2020-27216、CVE-2011-4461、CVE-2009-1523、CVE-2017-7656、CVE-2017-7658、CVE-2019-10246、CVE-2019-10241、CVE-2017-7657、CVE-2017-9735、CVE-2017-7656、CVE-2017-7658、CVE-2020-27216、CVE-2009-1523、CVE-2011-4461



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to