[JOC-1627] Update Jetty from 11.0.15 to 11.0.16 due to vulnerability CVE-2023-36479 - SOS JIRA

XML

Word

Printable

Details

Type: Fix
Status: Released (View Workflow)
Priority: Medium
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.5.6, 2.6.3
Component/s: JOC Cockpit Web Service
Labels:
None

CVE-ID:
CVE-2023-36479

Description

Current Situation

JS7 JOC Cockpit ships with Jetty 11.0.15
A vulnerability affects this library:: https://nvd.nist.gov/vuln/detail/CVE-2023-36479

Impact

We rate the impact to our software being low as our implementation does not make use of CGI. There is no exploit for JS7.

Desired Behavior

JS7 JOC Cockpit should ship with the latest version 11.0.16 of Jetty which fixes the vulnerability.

Attachments

Issue Links

relates to

JOC-1658 Upgrade Jetty 11.0.15 to 11.0.17 due to vulnerability CVE-2023-44487

Released

Activity

People

Assignee:: Santiago Aucejo Petzoldt

Reporter:: Andreas Püschel

Approver:: Pramokshi Narawariya

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 22 September 2023 18:29

Updated:: 09 November 2023 13:53

Resolved:: 25 September 2023 08:31