Describe the bug
CVE-2024-13009
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-io (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-servlet (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-util (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-servlets (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-proxy (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-client (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-plus (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-security (fixed in: 9.4.57.v20241219)
- /usr/share/opensearch/plugins/opensearch-skills/spark-core_2.13-3.5.4.jar:org.eclipse.jetty:jetty-continuation (fixed in: 9.4.57.v20241219)
CVE-2025-53066
- /usr/share/opensearch/jdk/release (fixed in: 1.8.0_472, 11.0.29, 17.0.17, 21.0.9, 25.0.1, 8.0.472)
Related component
Other
To Reproduce
Scan 2.19.4 image
Expected behavior
Update vulnerable dependencies to the fix version
Additional Details
No response
Describe the bug
CVE-2024-13009
CVE-2025-53066
Related component
Other
To Reproduce
Scan 2.19.4 image
Expected behavior
Update vulnerable dependencies to the fix version
Additional Details
No response