Open pranayk01 opened 2 years ago
Some vulnerable packages are reported in kafka-connect-storage-common git.
Netty 4.1.71.Final https://nvd.nist.gov/vuln/detail/CVE-2022-24823 Fixed in 4.1.77 version
Jetty 9.4.43.v20210629 https://nvd.nist.gov/vuln/detail/CVE-2022-2048 Fixed in 9.4.48.v20220622
Bumping up to the versions which have the fix for vulnerabilities.
All committers have signed the CLA.
Thank you for raising this issue. We are aware of those issues and plan on addressing them in an upcoming release cycle.
Problem
Some vulnerable packages are reported in kafka-connect-storage-common git.
Netty 4.1.71.Final https://nvd.nist.gov/vuln/detail/CVE-2022-24823 Fixed in 4.1.77 version
Jetty 9.4.43.v20210629 https://nvd.nist.gov/vuln/detail/CVE-2022-2048 Fixed in 9.4.48.v20220622
Solution
Bumping up to the versions which have the fix for vulnerabilities.