wso2is
Chainguard
5.3
CVSS V3
Status
Impact
This vulnerability originates from 'jetty-http', which is a transitive dependency multiple levels deep in the dependency tree. The wso2is project depends on carbon.registry, which in turn depends on 'solr', which contains the affected jetty-http version. Attempts at upgrading the top-level dependency were not successful, the latest version of carbon.registry pins to the affected version of solr. Pending fix from upstream.
Status