[
https://issues.apache.org/jira/browse/ASTERIXDB-3057?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Hussain Towaileb resolved ASTERIXDB-3057.
-----------------------------------------
Resolution: Fixed
> Upgrade jetty to 9.4.48
> ------------------------
>
> Key: ASTERIXDB-3057
> URL: https://issues.apache.org/jira/browse/ASTERIXDB-3057
> Project: Apache AsterixDB
> Issue Type: Bug
> Components: OTH - Other
> Affects Versions: 0.9.9
> Reporter: Hussain Towaileb
> Assignee: Hussain Towaileb
> Priority: Major
> Fix For: 0.9.9
>
>
> jetty-util and jetty-util-ajax versions below 9.4.47 have the CVE:
> [https://nvd.nist.gov/vuln/detail/CVE-2022-2048#range-8130163]
> We have infected versions coming as transitive dependencies from the hadoop
> 3.3.2, hadoop seems to address this in 3.3.4 which is not released yet.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
