[ https://issues.apache.org/jira/browse/FELIX-6569?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed FELIX-6569. ----------------------------------- > Felix embeds vulnerable version of Jetty (CVE-2022-2048) > -------------------------------------------------------- > > Key: FELIX-6569 > URL: https://issues.apache.org/jira/browse/FELIX-6569 > Project: Felix > Issue Type: Bug > Affects Versions: http.jetty-4.2.0 > Reporter: Akanksha Jain > Assignee: Carsten Ziegeler > Priority: Major > Fix For: http.jetty-4.2.2 > > > Vulnerability: [https://nvd.nist.gov/vuln/detail/CVE-2022-2048] > Description: > [https://github.com/eclipse/jetty.project/security/advisories/GHSA-wgmr-mf83-7x4j] > > Summary: > Felix version <= 4.2.1 uses Jetty version < 9.4.46 which is vulnerable to > CVE-2022-2048. > The fix for the above vulnerability is available in Jetty version 9.4.47. > 10.0.10, 11.0.10. -- This message was sent by Atlassian Jira (v8.20.10#820010)