Posted to issues@zookeeper.apache.org by "Anisha K J (Jira)" <ji...@apache.org> on 2022/01/27 15:57:00 UTC

[jira] [Created] (ZOOKEEPER-4456) Netty used by zookeeper 3.6.3 is vulnerable to CVE-2021-43797

Anisha K J created ZOOKEEPER-4456:
-------------------------------------

             Summary: Netty used by zookeeper 3.6.3 is vulnerable to CVE-2021-43797 
                 Key: ZOOKEEPER-4456
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-4456
             Project: ZooKeeper
          Issue Type: Bug
    Affects Versions: 3.6.3
            Reporter: Anisha K J


Hello everyone,

I work for a product which uses apache/zookeeper 3.6.3. We scanned our product with a security scanner, which reported CVE-2019-17571, CVE-2021-37137, CVE-2021-37136.

After analysis we found that this vulnerability is coming from zookeeper 3.6.3 because of a direct dependency on netty-buffer-4.1.63.Final.jar.

Could you please let us know whether there is any plan to update netty in coming versions?



--
This message was sent by Atlassian Jira
(v8.20.1#820001)