Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade to latest Jetty version #754

Closed
dpvelasquez opened this issue Sep 6, 2019 · 2 comments
Closed

Upgrade to latest Jetty version #754

dpvelasquez opened this issue Sep 6, 2019 · 2 comments

Comments

@dpvelasquez
Copy link

Jetty 9.4.14.v20181114 has security vulnerabilities where the server is vulnerable to XSS conditions.

https://www.cvedetails.com/cve/CVE-2019-10241/
@findepi
Copy link
Collaborator

findepi commented Sep 6, 2019

From that CVE

... the server is vulnerable to XSS conditions if a remote client USES a specially formatted URL against the DefaultServlet or ResourceHandler that is configured for showing a Listing of directory contents.

I suppose we don't use DefaultServlet nor ResourceHandler configured for showing a Listing of directory contents.
@electrum do we?

(This is not to say we shouldn't upgrade. I'm just trying to understand the situation better.)

@wendigo
Copy link
Contributor

wendigo commented Mar 9, 2024

Completed. Please close @electrum

@findepi findepi closed this as completed Mar 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wendigo @findepi @dpvelasquez