CVE-2020-27216 : In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.b

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Published 2020-10-23 13:15:16

Updated 2022-03-01 20:35:39

Source Eclipse Foundation

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2020-27216

Debian » Debian Linux » Version: 9.0
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Apache » Beam » Version: 2.21.0
cpe:2.3:a:apache:beam:2.21.0:*:*:*:*:*:*:*
Matching versions
Apache » Beam » Version: 2.22.0
cpe:2.3:a:apache:beam:2.22.0:*:*:*:*:*:*:*
Matching versions
Apache » Beam » Version: 2.23.0
cpe:2.3:a:apache:beam:2.23.0:*:*:*:*:*:*:*
Matching versions
Apache » Beam » Version: 2.24.0
cpe:2.3:a:apache:beam:2.24.0:*:*:*:*:*:*:*
Matching versions
Apache » Beam » Version: 2.25.0
cpe:2.3:a:apache:beam:2.25.0:*:*:*:*:*:*:*
Matching versions
Oracle » Jd Edwards Enterpriseone Tools
Versions before (<) 9.2.6.0
cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
Matching versions
Oracle » Flexcube Private Banking » Version: 12.0.0
cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*
Matching versions
Oracle » Flexcube Private Banking » Version: 12.1.0
cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*
Matching versions
Oracle » Flexcube Core Banking
Versions from including (>=) 11.5.0 and up to, including, (<=) 11.9.0
cpe:2.3:a:oracle:flexcube_core_banking:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Application Session Controller » Version: 3.9m0p2
cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Converged Application Server - Service Controller » Version: 6.2
cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Pricing Design Center » Version: 12.0.0.3.0
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Services Gatekeeper » Version: 7.0
cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Element Manager
Versions from including (>=) 8.2.1 and up to, including, (<=) 8.2.2.1
cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*
Matching versions
Oracle » Communications Offline Mediation Controller » Version: 12.0.0.3.0
cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*
Matching versions
Oracle » Siebel Core - Automation
Versions up to, including, (<=) 21.5
cpe:2.3:a:oracle:siebel_core_-_automation:*:*:*:*:*:*:*:*
Matching versions
Netapp » Snap Creator Framework » Version: N/A
cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*
Matching versions
Netapp » Vasa Provider » For Clustered Data Ontap
Versions from including (>=) 7.2
cpe:2.3:a:netapp:vasa_provider:*:*:*:*:*:clustered_data_ontap:*:*
Matching versions
Netapp » Snapcenter » Version: N/A
cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
Matching versions
Netapp » Virtual Storage Console » For Vmware Vsphere
Versions from including (>=) 7.2
cpe:2.3:a:netapp:virtual_storage_console:*:*:*:*:*:vmware_vsphere:*:*
Matching versions
Netapp » Storage Replication Adapter » For Clustered Data Ontap
Versions from including (>=) 7.2
cpe:2.3:a:netapp:storage_replication_adapter:*:*:*:*:*:clustered_data_ontap:*:*
Matching versions
When used together with: Vmware » Vsphere » Version: N/A
Eclipse » Jetty
Versions from including (>=) 9.4.0 and up to, including, (<=) 9.4.32
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Matching versions
Eclipse » Jetty
Versions from including (>=) 1.0 and before (<) 9.3.29
cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 10.0.0 Update Beta2
cpe:2.3:a:eclipse:jetty:10.0.0:beta2:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 11.0.0 Update Beta2
cpe:2.3:a:eclipse:jetty:11.0.0:beta2:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 10.0.0 Update Alpha1
cpe:2.3:a:eclipse:jetty:10.0.0:alpha1:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 10.0.0 Update Beta0
cpe:2.3:a:eclipse:jetty:10.0.0:beta0:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 10.0.0 Update Beta1
cpe:2.3:a:eclipse:jetty:10.0.0:beta1:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 11.0.0 Update Beta1
cpe:2.3:a:eclipse:jetty:11.0.0:beta1:*:*:*:*:*:*
Matching versions
Eclipse » Jetty » Version: 11.0.0 Update Alpha1
cpe:2.3:a:eclipse:jetty:11.0.0:alpha1:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2020-27216

EPSS FAQ

0.02%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 3 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2020-27216

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.0	HIGH	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2020-27216

CWE-378 Creation of Temporary File With Insecure Permissions

Opening temporary files without appropriate measures or controls can leave the file, its contents and any function that it impacts vulnerable to attack.

Assigned by: emo@eclipse.org (Secondary)
CWE-379 Creation of Temporary File in Directory with Insecure Permissions

The product creates a temporary file in a directory whose permissions allow unintended actors to determine the file's existence or otherwise access that file.

Assigned by: emo@eclipse.org (Secondary)

References for CVE-2020-27216

https://lists.apache.org/thread.html/r9cc76b98f87738791b8ec3736755f92444d3c8cb26bd4e4ffdb5c1cc@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rd58b60ab2e49ebf21022e59e280feb25899ff785c88f31fe314aa5b9@%3Ccommits.shiro.apache.org%3E

Pony Mail!
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/r503045a75f4419d083cb63ac89e765d6fb8b10c7dacc0c54fce07cff@%3Creviews.iotdb.apache.org%3E

[GitHub] [iotdb] wangchao316 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r6dfa64ecc3d67c1a71c08bfa04064549179d499f8e20a8285c57bd51@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rbf99e4495461099cad9aa62e0164f8f25a7f97b791b4ace56e375f8d@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r874688141495df766e62be095f1dfb0bf4a24ca0340d8e0215c03fab@%3Cissues.zookeeper.apache.org%3E

[jira] [Assigned] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/ra55e04d5a73afcb8383f4386e2b26832c6e3972e53827021ab885943@%3Ccommits.shiro.apache.org%3E

[GitHub] [shiro] fpapon merged pull request #262: Update Jetty to 9.4.33.v20201020 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r100c5c7586a23a19fdb54d8a32e17cd0944bdaa46277b35c397056f6@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] anmolnar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rdddb4b06e86fd58a1beda132f22192af2f9b56aae8849cb3767ccd55@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0e9efe032cc65433251ee6470c66c334d4e7db9101e24cf91a3961f2@%3Ccommits.directory.apache.org%3E

Pony Mail!
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/rcdcf32952397c83a1d617a8c9cd5c15c98b8d0d38a607972956bde7e@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r93d5e81e879120d8d87925dbdd4045cb3afa9b066f4370f60b626ce3@%3Ccommits.druid.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r1ef28b89ff0281c87ba3a7659058789bf28a99b8074191f1c3678db8@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r58f5b14dc5ae43583db3a7e872419aca97ebe47bcd7f7334f4128016@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rae15d73cabef55bad148e4e6449b05da95646a2a8db3fc938e858dff@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r382870d6ccfd60533eb0d980688261723ed8a0704dafa691c4e9aa68@%3Ccommits.iotdb.apache.org%3E

[iotdb] branch master updated: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r18b6f10d9939419bae9c225d5058c97533cb376c9d6d0a0733ddd48d@%3Cnotifications.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8045eedd6bb74efcd8e01130796adbab98ee4a0d1273509fb1f2077a@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r568d354961fa88f206dc345411fb11d245c6dc1a8da3e80187fc6706@%3Cdev.zookeeper.apache.org%3E

Re: Owasp test failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r93b240be16e642579ed794325bae31b040e1af896ecc12466642e19d@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://security.netapp.com/advisory/ntap-20201123-0005/

CVE-2020-27216 Eclipse Jetty Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://lists.apache.org/thread.html/r336b1694a01858111e4625fb9ab2b07ad43a64a525cf6402e06aa6bf@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921

567921 – (CVE-2020-27216) Jetty vulnerable to temporary directory hijacking
Exploit;Patch;Vendor Advisory
https://lists.apache.org/thread.html/raa9c370ab42d737e93bc1795bb6a2187d7c60210cd5e3b3ce8f3c484@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r73b5a9b677b707bbb7c1469ea746312c47838b312603bada9e382bba@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r6236ae4adc401e3b2f2575c22865f2f6c6ea9ff1d7b264b40d9602af@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6#advisory-comment-63053

Local Temp Directory Hijacking Vulnerability · Advisory · eclipse/jetty.project · GitHub
Exploit;Mitigation;Third Party Advisory
https://lists.apache.org/thread.html/rc1646894341450fdc4f7e96a88f5e2cf18d8004714f98aec6b831b3e@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r6f51a654ac2e67e3d1c65a8957cbbb127c3f15b64b4fcd626df03633@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r1d40368a309f9d835dcdd900249966e4fcbdf98c1cc4c84db2cd9964@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rb69b1d7008a4b3de5ce5867e41a455693907026bc70ead06867aa323@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r351298dd39fc1ab63303be94b0c0d08acd72b17448e0346d7386189b@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r87d8337300a635d66f0bb838bf635cdfcbba6b92c608a7813adbf4f4@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8cacf91ae1b17cc6531d20953c52fa52f6fd3191deb3383446086ab7@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rd7e62e2972a41c2658f41a824b8bdd15644d80fcadc51fe7b7c855de@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://www.oracle.com//security-alerts/cpujul2021.html

Oracle Critical Patch Update Advisory - July 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rb077d35f2940191daeefca0d6449cddb2e9d06bcf8f5af4da2df3ca2@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/re08b03cd1754b32f342664eead415af48092c630c8e3e0deba862a26@%3Ccommits.shiro.apache.org%3E

[GitHub] [shiro] coheigea opened a new pull request #262: Update Jetty to 9.4.33.v20201020 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rde11c433675143d8d27551c3d9e821fe1955f1551a518033d3716553@%3Cdev.zookeeper.apache.org%3E

Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r5a9462096c71593e771602beb0e69357adb5175d9a5c18d5181e0ab4@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2022.html

Oracle Critical Patch Update Advisory - January 2022
Not Applicable;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r2e02700f7cfecb213de50be83e066086bea90278cd753db7fdc2ccff@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r9cd444f944241dc26d9b8b007fe8971ed7f005b56befef7a4f4fb827@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r2f732ee49d00610683ab5ddb4692ab25136b00bfd132ca3a590218a9@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r2aa316d008dab9ae48350b330d15dc1b863ea2a933558fbfc42b91a6@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r9f8c45a2a4540911cd8bd0485f67e8091883c9234d7a3aeb349c46c1@%3Creviews.iotdb.apache.org%3E

[GitHub] [iotdb] jixuan1989 commented on pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rcfb95a7c69c4b9c082ea1918e812dfc45aa0d1e120fd47f68251a336@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r1d45051310b11c6d6476f20d71b08ea97cb76846cbf61d196bac1c3f@%3Cdev.zookeeper.apache.org%3E

[jira] [Created] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r9b790fe3a93121199f41258474222f15002b2f729495aa7ecbf90718@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc4b972ea10c5a65c6a88a6e233778718ab9af7f484affdd5e5de0cff@%3Ccommits.felix.apache.org%3E

[felix-dev] branch master updated: FELIX-6364 Security vulnerability CVE-2020-27216 , update jetty (#63) - Pony Mail
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/r9d9b4b93df7f92cdf1147db0fc169be1776c93d1fbc63bc65721fffd@%3Cdev.knox.apache.org%3E

[jira] [Created] (KNOX-2615) Upgrade to jetty-webapp.9.4.33 due to CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rde782fd8e133f7e04e50c8aaa4774df524367764eb5b85bf60d96747@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] eolivelli commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r3b0ce1549a1ccdd7e51ec66daf8d54d46f1571edbda88ed09c96d7da@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r1fe31643fc34b4a33ae3d416d92c271aa97663f1782767d25e1d9ff8@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r769411eb43dd9ef77665700deb7fc491fc3ceb532914260c90b56f2f@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r09b345099b4f88d2bed7f195a96145849243fb4e53661aa3bcf4c176@%3Cissues.zookeeper.apache.org%3E

[jira] [Created] (ZOOKEEPER-4023) CLONE - Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc9d2ab8a6c7835182f20b01104798e67c75db655c869733a0713a590@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r4946ffd86ad6eb7cb7863311235c914cb41232380de8d9dcdb3c115c@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r19e8b338af511641d211ff45c43646fe1ae19dc9897d69939c09cabe@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rd0e44e8ef71eeaaa3cf3d1b8b41eb25894372e2995ec908ce7624d26@%3Ccommits.pulsar.apache.org%3E

[GitHub] [pulsar] yanshuchong opened a new issue #8967: CVSS issue list - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r90b5ac6e2bf190a5297bda58c7ec76d01cd86ff050b2470fcd9f4b35@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r7bdc83513c12db1827b79b8d57a7a0975a25d28bc6c5efe590ec1e02@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r2d17b2a4803096ba427f3575599ea29b55f5cf9dbc1f12ba044cae1a@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] ztzg commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8fead0144bb84d8714695c43607dca9c5101aa028a431ec695882fe5@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://www.oracle.com/security-alerts/cpujan2021.html

Oracle Critical Patch Update Advisory - January 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r279254a1bd6434c943da52000476f307e62b6910755387aeca1ec9a1@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rfd9f102864a039f7fda64a580dfe1a342d65d7b723ca06dc9fbceb31@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r4f29fb24639ebc5d15fc477656ebc2b3aa00fcfbe197000009c26b40@%3Cissues.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r6b83ca85c8f9a6794b1f85bc70d1385ed7bc1ad07750d0977537154a@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r547bb14c88c5da2588d853ed3030be0109efa537dd797877dff14afd@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0df8fe10fc36028cf6d0381ab66510917d0d68bc5ef7042001d03830@%3Cdev.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html

Oracle Critical Patch Update Advisory - April 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rcdd56ab4255801a0964dcce3285e87f2c6994e6469e189f6836f34e3@%3Cnotifications.iotdb.apache.org%3E

[jira] [Created] (IOTDB-1181) Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r827d17bf6900eddc686f4b6ee16fc5e52ca0070f8df7612222c40ac5@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc8dd95802be0cca8d7d0929c0c8484ede384ecb966b2a9dc7197b089@%3Creviews.iotdb.apache.org%3E

[GitHub] [iotdb] wangchao316 opened a new pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r9c010b79140452294292379183e7fe8e3533c5bb4db3f3fb39a6df61@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0d7ad4f02c44d5d53a9ffcbca7ff4a8138241322da9c5c35b5429630@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rdbf1cd0ab330c032f3a09b453cb6405dccc905ad53765323bddab957@%3Cissues.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0f5e9b93133ef3aaf31484bc3e15cc4b85f8af0fe4de2dacd9379d72@%3Cdev.felix.apache.org%3E

[jira] [Assigned] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e6bc3bd7b65fabcc21@%3Ccommits.samza.apache.org%3E

[GitHub] [samza] Telesia opened a new pull request #1471: SAMZA-2630: Upgrade dependencies for security fixes - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rcff5caebfd535195276aaabc1b631fd55a4ff6b14e2bdfe33f18ff91@%3Creviews.iotdb.apache.org%3E

[GitHub] [iotdb] jixuan1989 merged pull request #2768: [IOTDB-1181] Upgrade jetty jar to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r44115ebfbf3b7d294d7a75f2d30bcc822dab186ebbcc2dce11915ca9@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rb81a018f83fe02c95a2138a7bb4f1e1677bd7e1fc1e7024280c2292d@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc1d9b8e9d17749d4d2b9abaaa72c422d090315bd6bc0ae73a16abc1c@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rbc5a8d7a0a13bc8152d427a7e9097cdeb139c6cfe111b2f00f26d16b@%3Cissues.zookeeper.apache.org%3E

[jira] [Updated] (ZOOKEEPER-4023) dependency-check:check failing - Jetty 9.4.34.v20201102 - CVE-2020-27218 - Pony Mail
Mailing List;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r87b0c69fef09277333a7e1716926d1f237d462e143a335854ddd922f@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r5494fdaf4a0a42a15c49841ba7ae577d466d09239ee1050458da0f29@%3Cjira.kafka.apache.org%3E

[GitHub] [kafka] niteshmor opened a new pull request #9556: MINOR: Update jetty to 9.4.33 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r171846414347ec5fed38241a9f8a009bd2c89d902154c6102b1fb39a@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r3f32cb4965239399c22497a0aabb015b28b2372d4897185a6ef0ccd7@%3Cissues.beam.apache.org%3E

[jira] [Assigned] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc77918636d8744d50312e4f67ba2e01f47db3ec5144540df8745cb38@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/raf9c581b793c30ff8f55f2415c7bd337eb69775aae607bf9ed1b16fb@%3Cdev.zookeeper.apache.org%3E

Owasp test failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r407c316f6113dfc76f7bb3cb1693f08274c521064a92e5214197548e@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r70f8bcccd304bd66c1aca657dbfc2bf11f73add9032571b01f1f733d@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r07525dc424ed69b3919618599e762f9ac03791490ca9d724f2241442@%3Cdev.felix.apache.org%3E

[jira] [Updated] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00016.html

[SECURITY] [DLA 2661-1] jetty9 security update
Mailing List;Third Party Advisory

CVEs referencing this url
https://www.debian.org/security/2021/dsa-4949

Debian -- Security Information -- DSA-4949-1 jetty9
Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/rb5f2558ea2ac63633dfb04db1e8a6ea6bb1a2b8614899095e16c6233@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r2122537d3f9beb0ce59f44371a951b226406719919656ed000984bd0@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8dd01541fc49d24ec223365a9974231cbd7378b749247a89b0a52210@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r71da5f51ef04cb95abae560425dce9667740cbd567920f516f76efb7@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r911c1879258ebf98bca172c0673350eb7ea6569ca1735888d4cb7adc@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r916b6542bd5b15a8a7ff8fc14a0e0331e8e3e9d682f22768ae71d775@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://www.oracle.com/security-alerts/cpuoct2021.html

Oracle Critical Patch Update Advisory - October 2021
Patch;Third Party Advisory

CVEs referencing this url
https://lists.apache.org/thread.html/r3a763de620be72b6d74f46ec4bf39c9f35f8a0b39993212c0ac778ec@%3Ccommits.zookeeper.apache.org%3E

[zookeeper] branch branch-3.6 updated: ZOOKEEPER-4017: Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/r1dbb87c9255ecefadd8de514fa1d35c1d493c0527d7672cf40505d04@%3Ccommits.zookeeper.apache.org%3E

[zookeeper] branch branch-3.5 updated: ZOOKEEPER-4017: Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/rad255c736fad46135f1339408cb0147d0671e45c376c3be85ceeec1a@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] asfgit closed pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r3e05ab0922876e74fea975d70af82b98580f4c14ba643c4f8a9e3a94@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rf3bc023a7cc729aeac72f482e2eeeab9008aa6b1dadbeb3f45320cae@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rb8c007f87dc57731a7b9a3b05364530422535b7e0bc6a0c5b68d4d55@%3Cdev.felix.apache.org%3E

[jira] [Created] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r7da5ae60d7973e8894cfe92f49ecb5b47417eefab4c77cc87514d3cf@%3Cdev.felix.apache.org%3E

[GitHub] [felix-dev] cziegeler merged pull request #63: FELIX-6364 Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/ra1f19625cc67ac1b459c558f2ea5647d71ce51c6fe4f4cb03baec849@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] nkalmar commented on pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rfe5caef1fd6cf4b8ceac1b63c33195f2908517b665c946c020d3fbd6@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r185d10aae8161c08726f3ba9a1f1c47dfb97624ea6212fa217173204@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rb7e159636b26156f6ef2b2a1a79b3ec9a026923b5456713e68f7c18e@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/refbbb0eb65c185d1fa491cee08ac8ed32708ce3b269133a6da264317@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r59e0878013d329dcc481eeafebdb0ee445b1e2852d0c4827b1ddaff2@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rf00ea6376f3d0e8b8f62cf6d4a4f28b24e27193acd2c851f618aa41e@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc44d1147f78496ec9932a38b28795ff4fd0c4fa6e3b6f5cc33c14d29@%3Cissues.beam.apache.org%3E

[jira] [Reopened] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rbc5a622401924fadab61e07393235838918228b3d8a1a6704295b032@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rfe6ba83d14545e982400dea89e68b10113cb5202a3dcb558ce64842d@%3Cissues.zookeeper.apache.org%3E

[jira] [Updated] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/re5706141ca397587f7ee0f500a39ccc590a41f802fc125fc135cb92f@%3Cnotifications.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r819857361f5a156e90d6d06ccf6c41026bc99030d60d0804be3a9957@%3Cissues.beam.apache.org%3E

[jira] [Commented] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/ree506849c4f04376793b1a3076bc017da60b8a2ef2702dc214ff826f@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r8866f0cd2a3b319288b7eea20ac137b9f260c813d10ee2db88b65d32@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r556787f1ab14da034d79dfff0c123c05877bbe89ef163fd359b4564c@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rff0ad6a7dac2182421e2db2407e44fbb61a89904adfd91538f21fbf8@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r4179c71908778cc0598ee8ee1eaed9b88fc5483c65373f45e087f650@%3Cissues.beam.apache.org%3E

Pony Mail!
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r3042a9dd2973aa229e52d022df7813e4d74b67df73bfa6d97bb0caf8@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r66e99d973fd79ddbcb3fbdb24f4767fe9b911f5b0abb05d7b6f65801@%3Ccommits.zookeeper.apache.org%3E

Pony Mail!
Mailing List;Patch;Third Party Advisory
https://lists.apache.org/thread.html/rccedec4cfd5df6761255b71349e3b7c27ee0745bd33698a71b1775cf@%3Cissues.beam.apache.org%3E

[jira] [Comment Edited] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0d95e01f52667f44835c40f6dea72bb4397f33cd70a564ea74f3836d@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r761a52f1e214efec286ee80045d0012e955eebaa72395ad62cccbcfc@%3Cissues.beam.apache.org%3E

[jira] [Updated] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rb8ad3745cb94c60d44cc369aff436eaf03dbc93112cefc86a2ed53ba@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r5a07f274f355c914054c7357ad6d3456ffaca064f26cd780acb90a9a@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r77dd041d8025a869156481d2268c67ad17121f64e31f9b4a1a220145@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r1ed79516bd6d248ea9f0e704dbfd7de740d5a75b71c7be8699fec824@%3Cnotifications.zookeeper.apache.org%3E

[GitHub] [zookeeper] anmolnar opened a new pull request #1549: ZOOKEEPER-4017. Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rc2e24756d28580eeac811c5c6a12012c9f424b6e5bffb89f98ee3d03@%3Cdev.felix.apache.org%3E

[jira] [Resolved] (FELIX-6364) Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/rafb023a7c61180a1027819678eb2068b0b60cd5c2559cb8490e26c81@%3Cissues.zookeeper.apache.org%3E

[jira] [Created] (ZOOKEEPER-4017) Owasp check failing - Jetty 9.4.32 - CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/ra5b7313d8cc9411db6790adfba33f2cf0665cb77adb7b02043c95867@%3Cdev.felix.apache.org%3E

[GitHub] [felix-dev] abhishekgarg18 opened a new pull request #63: FELIX-6364 Security vulnerability CVE-2020-27216 ,update jetty - Pony Mail
Mailing List;Third Party Advisory
https://lists.apache.org/thread.html/r0259b14ae69b87821e27fed1f5333ea86018294fd31aab16b1fac84e@%3Cissues.beam.apache.org%3E

[jira] [Work logged] (BEAM-11227) Upgrade beam-vendor-grpc-1_26_0-0.3 to fix CVE-2020-27216 - Pony Mail
Mailing List;Third Party Advisory

Jump to

Vulnerability Details : CVE-2020-27216

Products affected by CVE-2020-27216

Exploit prediction scoring system (EPSS) score for CVE-2020-27216

CVSS scores for CVE-2020-27216

CWE ids for CVE-2020-27216

References for CVE-2020-27216