google/data-transfer-project

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.4.8.v20171121,upgrade recommended

QiAnXinCodeSafe opened this issue 4 years ago · 0 comments

QiAnXinCodeSafe commented 4 years ago

data-transfer-project/extensions/transport/portability-transport-jettyrest/build.gradle

Line 31 in d5c4479

compile('org.eclipse.jetty:jetty-webapp:9.4.8.v20171121') {

CVE-2017-7658 CVE-2017-7657 CVE-2017-7656 CVE-2018-12545

Recommended upgrade version：9.4.35.v20201120