False positives for CVE-2019-10247 in org.eclipse.jetty:jetty-server
The trivy scanner, which is using the gemnasium-db, finds the following security issue.
+--------------------------------+------------------+ +-------------------+---------------+---------------------------------------+
| org.eclipse.jetty:jetty-server | CVE-2019-10247 | | 9.4.43.v20210629 | | jetty: error path |
| | | | | | information disclosure |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-10247 |
+--------------------------------+------------------+ +-------------------+---------------+---------------------------------------+This seems to be a false positive as it shall be fixed based on [1].
The announcement states that it's fixed for the following version:
- 9.2.28.v20190418
- 9.3.27.v20190418
- 9.4.17.v20190418
[1] https://www.eclipse.org/lists/jetty-announce/msg00130.html