Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix:Veracode CVEs fix #179

Merged
merged 2 commits into from
Oct 23, 2023
Merged

fix:Veracode CVEs fix #179

merged 2 commits into from
Oct 23, 2023

Conversation

shijinrajbosch
Copy link
Contributor

Description

Veracode CVEs fix in jetty-http jar.

  • CVE-2023-36478 | CWE-190
    Denial Of Service (DoS): org.eclipse.jetty is vulnerable to Denial Of Service (DoS). The vulnerability arises from the library's failure to appropriately limit the size in HPACK header values. This allows an attacker to repeatedly send maliciously crafted HTTP messages, leading to an integer overflow and ultimately causing an application crash through the checkSize function in MetaDataBuilder.java.

  • CVE-2023-40167| CWE-130
    HTTP Request Smuggling: Jetty is vulnerable to HTTP Request Smuggling. The vulnerability is due to accepting + character proceeding the content-length in the request. This vulnerability can be exploited by the attacker to possibly conduct request smuggling attacks.

@sonarcloud
Copy link

sonarcloud bot commented Oct 23, 2023

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication

agg3fe
agg3fe approved these changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@agg3fe agg3fe left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

tunacicek
tunacicek approved these changes Oct 23, 2023
View reviewed changes
Copy link
Contributor

@tunacicek tunacicek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@agg3fe agg3fe merged commit 6545da6 into eclipse-tractusx:main Oct 23, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@agg3fe agg3fe agg3fe approved these changes

@tunacicek tunacicek tunacicek approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@shijinrajbosch @tunacicek @agg3fe