You are viewing a plain text version of this content. The canonical link for it is here.
Posted to hdfs-dev@hadoop.apache.org by "Hridesh (Jira)" <ji...@apache.org> on 2020/05/05 12:06:00 UTC
[jira] [Created] (HDFS-15333) Vulnerability fixes need for
jackson-databing on "HTrace"
Hridesh created HDFS-15333:
------------------------------
Summary: Vulnerability fixes need for jackson-databing on "HTrace"
Key: HDFS-15333
URL: https://issues.apache.org/jira/browse/HDFS-15333
Project: Hadoop HDFS
Issue Type: Improvement
Components: security
Affects Versions: 3.2.1
Environment: [^hdfs_imagescan_result.csv]
Reporter: Hridesh
Attachments: hdfs_imagescan_result.csv
HDFS dependent library "htrace-core4-4.1.0-incubating" build with jackson 2.4.0. POM URL: [https://github.com/apache/incubator-retired-htrace/blob/e12b5fcfaafa56d676fee5f873da01df6b61dac9/pom.xml.]
Jackson version < 2.9.1 has below list of vulnerabilities:
CVE-2019-14379
CVE-2019-16335
CVE-2019-17531
CVE-2019-14540
CVE-2018-11307
CVE-2019-12402
CVE-2018-7489
CVE-2018-12022
CVE-2019-14439
CVE-2017-15095
CVE-2017-7525
CVE-2017-17485
Attaching image scan result file.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org