5.3
CVSS V3
Status
Impact
jetty project has backported patch to versions 9, 10 and 11 with a fix for CVE-2024-6763 but has not yet generated releases. Apache-pulsar upstream will have to pull in the updates once they become available
Status
Status
Fixed version
4.0.3-r0Status
Status
Fixed version
4.0.3-r0Status
Impact
Attempting to patch this CVE leads to build failures, and will require an update from upstream maintainers to remediate.
Status
Impact
The fix version of jetty-http is >=12.0.12, requiring a large refactor; there is an issue tracking the effort https://github.com/apache/pulsar/issues/22939
Status