Details
-
Task
-
Status: Open
-
Major
-
Resolution: Unresolved
-
3.6.1, 3.5.8, 3.6.2
-
None
-
None
Description
The latest version of Zookeeper (3.6.2) uses Netty 4.1.50.Final, which contains a security vulnerability CVE-2021-21290 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-21290). This was fixed in Netty 4.1.59 and the latest is 4.1.60. Zookeeper needs to be updated to use the newest Netty version to eliminate this security vulnerability.