5.3
CVSS V3
Status
Justification
Impact
Upstream reviewed this issue and concluded that it does not impact Druid because it does not directly use the HttpURI class. Ref: https://github.com/apache/druid/issues/17492
Status
Impact
Updating jetty to a non-vulnerable version would require 3 major version bumps, which would be a very significant upgrade with multiple breaking changes, and should only be undertaken by the upstream maintainers.
Status