Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[jetty-users] CVE's Observed in OpenID Jar from Jetty 9.4.31

Hi all,

We're using Jetty as the web server in our project. My team hold regular security scans on all 3rd party libs.The latest scan reported 2 CVE's (CVE-2007-1651CVE-2007-1652) were found in OpenID jar, carried by Jetty 9.4.31. However, these two CVE's were reported back in 2007. Though it's hard to believe the vulnerabilities are not addressed today, could anyone help check if the two reported issues still exist in the latest version? Many thanks!

Best,
Yicheng

Back to the top