You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Brandon Williams (Jira)" <ji...@apache.org> on 2022/05/17 11:20:00 UTC

[jira] [Commented] (CASSANDRA-17632) Found Third Party Software vulnerabilities/security issue in 3.11.13

    [ https://issues.apache.org/jira/browse/CASSANDRA-17632?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17538119#comment-17538119 ] 

Brandon Williams commented on CASSANDRA-17632:
----------------------------------------------

The netty CVE is new and will be handled in CASSANDRA-17633 but it is one of many others so will likely be suppressed as well.

> Found Third Party Software vulnerabilities/security issue in 3.11.13
> --------------------------------------------------------------------
>
>                 Key: CASSANDRA-17632
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17632
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Amol Nawale
>            Priority: Normal
>
> we have found the below vulnerabilities in Cassandra 3.11.13.zip during the security scan.
> Could you please help us to resolve those?
>  
> [7.5] [CVE-2020-7238] [netty-all] [4.0.44.Final]
> [9.1] [CVE-2019-20444] [netty-all] [4.0.44.Final]
> [9.1] [CVE-2019-20445] [netty-all] [4.0.44.Final]
> [7.5] [CVE-2019-16869] [netty-all] [4.0.44.Final]
> [7.5] [CVE-2018-1320] [libthrift] [0.9.2] [0.9.2]
> [7.5] [CVE-2019-0205] [thrift] [0.9.3]



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org