[CVE] jetty CVE #109
Description
What is the bug?
The project uses jetty version 11.0.14 while the versions with fixes are not yet available.
From workflow:
| CVE | Severity | CVSS Score | Vulnerable Library | Suggested Fix | Issue |
|---|---|---|---|---|---|
| WS-2023-0236Path to dependency file: /build.gradlePath to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-xml/11.0.14/30210aaf71149eb446ce9cb0b659472d0f7d1ab5/jetty-xml-11.0.14.jarDependency Hierarchy:-> wiremock-3.0.0-beta-2.jar (Root Library) -> jetty-webapp-11.0.14.jar -> ❌ jetty-xml-11.0.14.jar (Vulnerable Library) | Low | 3.9 | jetty-xml-11.0.14.jar | Upgrade to version: org.eclipse.jetty:jetty-xml:10.0.16,11.0.16,12.0.0 | #59 |
CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue
WS-2023-0236
Path to dependency file: /build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.jetty/jetty-xml/11.0.14/30210aaf71149eb446ce9cb0b659472d0f7d1ab5/jetty-xml-11.0.14.jar
Dependency Hierarchy:
-> wiremock-3.0.0-beta-2.jar (Root Library)
-> jetty-webapp-11.0.14.jar
-> ❌ jetty-xml-11.0.14.jar (Vulnerable Library)
Low 3.9 jetty-xml-11.0.14.jar Upgrade to version: org.eclipse.jetty:jetty-xml:10.0.16,11.0.16,12.0.0 #59