You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Benedict Elliott Smith (Jira)" <ji...@apache.org> on 2021/02/19 23:09:00 UTC
[jira] [Commented] (CASSANDRA-16463) high and critical CVEs
io.netty to 4.1.42.Final to fix critical and high vulnerabilities
[ https://issues.apache.org/jira/browse/CASSANDRA-16463?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17287404#comment-17287404 ]
Benedict Elliott Smith commented on CASSANDRA-16463:
----------------------------------------------------
datastax/cassandra-mgmtapi-3_11_7 is not an Apache Cassandra project. Please contact DataStax to discuss this CVE.
> high and critical CVEs io.netty to 4.1.42.Final to fix critical and high vulnerabilities
> ----------------------------------------------------------------------------------------
>
> Key: CASSANDRA-16463
> URL: https://issues.apache.org/jira/browse/CASSANDRA-16463
> Project: Cassandra
> Issue Type: Improvement
> Components: Dependencies
> Reporter: Bhargav Joshi
> Priority: High
>
> Repository | Tag | CVE ID | Severity | Packages | Source Package | Package Version | Fix Status
> -- | -- | -- | -- | -- | -- | -- | --
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20445 | critical | io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-20444 | critical | io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.44
> datastax/cassandra-mgmtapi-3_11_7 | v0.1.22 | CVE-2019-16869 | high | io.netty_netty-all | | 4.0.44.Final | fixed in 4.1.42.Final
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org