thelastpickle / cassandra-reaper

Automated Repair Awesomeness for Apache Cassandra
http://cassandra-reaper.io/
Apache License 2.0

Security vulnerabilities in Jetty component in Reaper #1302

Open vchauhan81 opened 1 year ago

vchauhan81 commented 1 year ago


We use Black Duck scan for security scanning, and it has reported the following security issues for Reaper version 3.2.0:

Component name: Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server

Component version name: 9.4.43.v20210629

CVEs:
CVE-2022-2048 (BDSA-2022-1887) - score 7.5
CVE-2022-2047 (BDSA-2022-1891) - score 2.5

Source:

cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/servlets/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/preventers/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/log/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/server/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/http/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/resource/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/ajax/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/io/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/continuation/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/thread/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/component/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/servlet/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/ssl/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/security/
cassandra-reaper-3.2.0.jar!/org/eclipse/jetty/util/statistic/

Please confirm whether Reaper version 3.2.0 is vulnerable to this issue. If yes, in which version of Reaper is the issue being fixed or already addressed?

Thanks in advance.

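A scanner report names the Jetty version it believes is bundled; the check a maintainer would want before answering is to read the version straight out of the shaded jar's Maven metadata and compare it with the version in which the CVEs were fixed. The script below is an added example, not Reaper's own code: it builds a constructed stand-in jar in memory (the real cassandra-reaper-3.2.0.jar would be read from disk), and the fixed Jetty version is an assumption passed by the caller, to be taken from the Jetty advisories for CVE-2022-2047 and CVE-2022-2048.

```python
"""Report which bundled Jetty artifacts in a shaded jar are older than a
given fix version. Added example; not part of cassandra-reaper."""
import io
import re
import zipfile

# Shaded jars keep each bundled artifact's Maven coordinates under
# META-INF/maven/<groupId>/<artifactId>/pom.properties.
POM_RE = re.compile(r"^META-INF/maven/org\.eclipse\.jetty/([^/]+)/pom\.properties$")


def parse_version(v):
    """'9.4.43.v20210629' -> (9, 4, 43); the 'vYYYYMMDD' qualifier is dropped."""
    parts = []
    for p in v.split("."):
        if not p.isdigit():
            break
        parts.append(int(p))
    return tuple(parts)


def bundled_jetty_versions(jar_bytes):
    """Return {artifactId: version} for every Jetty artifact found in the jar."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for name in jar.namelist():
            m = POM_RE.match(name)
            if not m:
                continue
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    found[m.group(1)] = line.split("=", 1)[1].strip()
    return found


def vulnerable_artifacts(jar_bytes, fixed_version):
    """Artifacts bundled at a version older than fixed_version (caller-supplied
    assumption; take it from the Jetty advisory for the CVE in question)."""
    fixed = parse_version(fixed_version)
    return {a: v for a, v in bundled_jetty_versions(jar_bytes).items()
            if parse_version(v) < fixed}


def build_sample_jar(jetty_version):
    """Constructed stand-in for a shaded Reaper jar bundling two Jetty modules."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for artifact in ("jetty-server", "jetty-http"):
            jar.writestr(f"META-INF/maven/org.eclipse.jetty/{artifact}/pom.properties",
                         f"version={jetty_version}\ngroupId=org.eclipse.jetty\n")
    return buf.getvalue()
```

For the real jar, replace `build_sample_jar(...)` with the file's bytes; an empty result from `vulnerable_artifacts` means every Jetty module found is at or above the fix version you supplied.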

kapilibm commented 10 months ago

Any update on this ticket? In which version will the fix be available?