scottbale
commented
10 months ago Thanks for the heads up. This vulnerability affects jetty http servers, not http clients like aws-api.
Closed kevin-ewing closed 10 months ago
scottbale
commented
10 months ago Thanks for the heads up. This vulnerability affects jetty http servers, not http clients like aws-api.
There is a critical vulnerability in a dependent library org.eclipse.jetty:jetty-http@9.4.51.v20230217
Dependencies
(com.cognitect.aws:api@0.8.686 > com.cognitect:http-client@1.0.125 > org.eclipse.jetty:jetty-http@9.4.51.v20230217)
Fixes exist in org.eclipse.jetty:jetty-http version 9.4.53.v20231009, 10.0.16, 11.0.16 or higher.