Details
-
Bug
-
Resolution: Won't Do
-
Major
-
None
-
None
-
False
-
None
-
False
Description
Bug report
For bug reports, provide this information, please:
What Debezium connector do you use and what version?
debezium/connect-base:1.9.5.Final
This image contains the following vulnerabilities, any plan on remediation?
| Component Name | Component Version | Component Fixed Version | CVEFixedVersion | Component Path | CVE ID |
| maven:io.apicurio:apicurio-registry-distro-connect-converter | 2.1.5.Final | 2.2.4.Final | 2.12.6 | null | sonatype-2021-4682 |
| maven:com.fasterxml.jackson.core:jackson-databind | 2.12.4 | 2.12.6.1 | 2.12.6 | /kafka/external_libs/apicurio/jackson-databind-2.12.4.jar | sonatype-2021-4682 |
| maven:com.fasterxml.jackson.core:jackson-databind | 2.12.4 | 2.12.6.1 | 2.12.6.1 | /kafka/external_libs/apicurio/jackson-databind-2.12.4.jar | CVE-2020-36518 |
| maven:io.apicurio:apicurio-registry-distro-connect-converter | 2.1.5.Final | 2.2.4.Final | 2.12.6.1 | null | CVE-2020-36518 |
| maven:io.netty:netty-common | 4.1.73.Final | 4.1.77.Final | 4.1.77.Final | /kafka/libs/netty-common-4.1.73.Final.jar | CVE-2022-24823 |
| maven:io.netty:netty-handler | 4.1.73.Final | 5.0.0.Alpha1 | NO_PATCH | /kafka/libs/netty-handler-4.1.73.Final.jar | sonatype-2020-0026 |
| maven:com.google.guava:guava | 31.0.1-jre | null | NO_PATCH | /kafka/libs/guava-31.0.1-jre.jar | sonatype-2020-0926 |
| maven:org.eclipse.jetty:jetty-server | 9.4.44.v20210927 | 9.4.47.v20220610 | 9.4.47.v20220610 | /kafka/libs/jetty-server-9.4.44.v20210927.jar | CVE-2022-2047 |
| maven:org.apache.kafka:kafka-streams | 3.2.0 | null | NO_PATCH | /kafka/libs/kafka-streams-3.2.0.jar | sonatype-2019-0422 |
| maven:org.eclipse.jetty:jetty-http | 9.4.44.v20210927 | 9.4.47.v20220610 | 9.4.47.v20220610 | /kafka/libs/jetty-http-9.4.44.v20210927.jar | CVE-2022-2047 |
| maven:org.eclipse.jetty:jetty-client | 9.4.44.v20210927 | 9.4.47.v20220610 | 9.4.47.v20220610 | /kafka/libs/jetty-client-9.4.44.v20210927.jar | CVE-2022-2047 |
