Posted to derby-dev@db.apache.org by "lijunbin (Jira)" <ji...@apache.org> on 2022/03/21 16:52:00 UTC
[jira] [Updated] (DERBY-7135) Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
[ https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lijunbin updated DERBY-7135:
----------------------------
Attachment: (was: Snipaste_2022-03-22_00-51-12.png)
> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --------------------------------------------------------------
>
> Key: DERBY-7135
> URL: https://issues.apache.org/jira/browse/DERBY-7135
> Project: Derby
> Issue Type: Bug
> Affects Versions: 10.14.2.0
> Reporter: lijunbin
> Priority: Blocker
> Attachments: Snipaste_2022-03-22_00-43-37.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* The vulnerability is related to Hive and Thrift, but no reference is found in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]
--
This message was sent by Atlassian Jira
(v8.20.1#820001)