You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@hadoop.apache.org by Deepti Sharma S <de...@ericsson.com.INVALID> on 2022/12/27 06:58:35 UTC

VA Analysis EM21.6 Query on Hadoop

Hello Team,

We had some queries regarding below High vulnerabilities on Hadoop, could you please help here.

Query for below mentioned HIGH Vulnerability.

We are having java based HDFS client which uses Hadoop-Common-3.3.3, Hadoop-hdfs-3.3.3 and Hadoop-hdfs-client-3.3.3 as it's dependency.
Hadoop-Common and Hadoop-hdfs uses protobuf-java-2.5.0 as dependency.

We got the following high vulnerablilities in protobuf-java using "Anchore Grype".

1. CVE-2022-3171
2. CVE-2022-3509
3. CVE-2022-3510

What is the impact of these vulnerablilities on HDFS client?
If HDFS Client is impacted then what is the mitigation plan for that?



Regards,
Deepti Sharma
PMP(r) & ITIL