-
Notifications
You must be signed in to change notification settings - Fork 1.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CVE-2022-2191 and jetty-io@9.4.48.v20220622 #8277
Labels
Comments
See prior comments, and our advisory (the master database at github has not been updated yet):
Also, Jetty 9.4.x is now at End of Community Support, you are strongly encouraged to upgrade to Jetty 10+ as soon as possible. See: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I get today a security warning from the org.owasp:dependency-check-gradle tool for the library jetty-io@9.4.48.v20220622 that it include affected form CVE-2022-2191.
The description of CVE-2022-2191 suggest that the version 9.x is not affected. Also there is no newer 9.x version.
Is this security warning a false positive? Or will this not fixed in version 9.x because EOL?
The text was updated successfully, but these errors were encountered: