Posted to derby-dev@db.apache.org by "Richard N. Hillegas (Jira)" <ji...@apache.org> on 2022/03/22 13:43:00 UTC

[jira] [Closed] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?

     [ https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Richard N. Hillegas closed DERBY-7135.
--------------------------------------

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --------------------------------------------------------------
>
>                 Key: DERBY-7135
>                 URL: https://issues.apache.org/jira/browse/DERBY-7135
>             Project: Derby
>          Issue Type: Bug
>    Affects Versions: 10.14.2.0
>            Reporter: JenickLee
>            Priority: Blocker
>         Attachments: Snipaste_2022-03-22_00-43-37.png, Snipaste_2022-03-22_00-51-12.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* The vulnerability is related to Hive and Thrift, but no reference is found in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)