adejanovski
commented
1 year ago We don't have a fix version for this yet.
Open vchauhan81 opened 1 year ago
adejanovski
commented
1 year ago We don't have a fix version for this yet.
vchauhan81
commented
1 year ago @adejanovski Any idea if version 3.2.0 is vulnerable with this CVE ?
adejanovski
commented
1 year ago Most probably, yes. I've created a PR which upgrades jersey to v2.34 which contains the fix. Let's see how CI goes.
vchauhan81
commented
1 year ago Hi @adejanovski Which version of reaper will have this fix ?
Project board link
We are using cassandra-reaper version 3.2.0 in our product. Recently we did Blackduck security scan and following issue was reported for reaper.
Component name : jersey's jersey
Component version name : 2.33
CVE : CVE-2021-28168 (BDSA-2021-1123) - score 5.5
Can you please help us to confirm -
if version 3.2.0 is vulnerable for these CVE ? if yes, in which version the fix would be available ?
┆Issue is synchronized with this Jira Story by Unito ┆Issue Number: REAP-80