google/data-transfer-project

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.4.8.v20171121,upgrade recommended

QiAnXinCodeSafe opened this issue 2 years ago · 1 comments

QiAnXinCodeSafe commented 2 years ago

data-transfer-project/extensions/transport/portability-transport-jettyrest/build.gradle

Line 31 in ef53a7e

compile('org.eclipse.jetty:jetty-webapp:9.4.8.v20171121') {

CVE-2017-7657 CVE-2017-7658 CVE-2021-28165 CVE-2020-27216 CVE-2017-7656

Recommended upgrade version：9.4.43.v20210629

rai31218 commented a year ago

I have created a PR for this.