You are viewing a plain text version of this content. The canonical link for it is here.

Posted to hdfs-dev@hadoop.apache.org by "Hridesh (Jira)" <ji...@apache.org> on 2020/05/05 12:06:00 UTC

[jira] [Created] (HDFS-15333) Vulnerability fixes need for jackson-databing on "HTrace"

Hridesh created HDFS-15333:
------------------------------

             Summary: Vulnerability fixes need for jackson-databing on "HTrace"
                 Key: HDFS-15333
                 URL: https://issues.apache.org/jira/browse/HDFS-15333
             Project: Hadoop HDFS
          Issue Type: Improvement
          Components: security
    Affects Versions: 3.2.1
         Environment: [^hdfs_imagescan_result.csv]
            Reporter: Hridesh
         Attachments: hdfs_imagescan_result.csv

HDFS dependent library "htrace-core4-4.1.0-incubating" build with jackson 2.4.0. POM URL: [https://github.com/apache/incubator-retired-htrace/blob/e12b5fcfaafa56d676fee5f873da01df6b61dac9/pom.xml.]

 

Jackson version < 2.9.1 has below list of vulnerabilities:

CVE-2019-14379

CVE-2019-16335

CVE-2019-17531

CVE-2019-14540

CVE-2018-11307

CVE-2019-12402

CVE-2018-7489

CVE-2018-12022

CVE-2019-14439

CVE-2017-15095

CVE-2017-7525

CVE-2017-17485

 

Attaching image scan result file.

 



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: hdfs-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: hdfs-dev-help@hadoop.apache.org