google / data-transfer-project

The Data Transfer Project makes it easy for people to transfer their data between online service providers. We are establishing a common framework, including data models and protocols, to enable direct transfer of data both into and out of participating online service providers.

http://datatransferproject.dev

There is a vulnerability in Jetty: Java based HTTP/1.x, HTTP/2, Servlet, WebSocket Server 9.4.8.v20171121,upgrade recommended

QiAnXinCodeSafe opened this issue 2 years ago · comments

奇安信CodeSafe commented 2 years ago

data-transfer-project/extensions/transport/portability-transport-jettyrest/build.gradle

Line 31 in ef53a7e

compile('org.eclipse.jetty:jetty-webapp:9.4.8.v20171121') {

CVE-2017-7657 CVE-2017-7658 CVE-2021-28165 CVE-2020-27216 CVE-2017-7656

Recommended upgrade version：9.4.43.v20210629

rai31218 commented a year ago

I have created a PR for this.