Posted to github@beam.apache.org by GitBox <gi...@apache.org> on 2022/06/04 14:41:43 UTC

[GitHub] [beam] damccorm opened a new issue, #19991: CVEs in the dependencies of hive-exec for HiveIO

damccorm opened a new issue, #19991:
URL: https://github.com/apache/beam/issues/19991

   Hello, your project uses some dependencies with CVEs. I found that the buggy methods of the CVEs are in the program execution path of your project, which puts your project at risk. I suggest a library update. See details below:
   
   * *Vulnerable Dependency:* org.apache.hive : hive-exec : 2.1.0
   * *Call Chain to Buggy Methods:*
     * Some files in your project call the library method org.apache.hadoop.hive.ql.Driver.run(java.lang.String), which can reach the buggy method of [CVE-2017-12625](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12625).
       * Files in your project: sdks/java/io/hcatalog/src/main/java/org/apache/beam/sdk/io/hcatalog/test/EmbeddedMetastoreService.java
       * One of the possible call chains:
   
         org.apache.hadoop.hive.ql.Driver.run(java.lang.String)
         org.apache.hadoop.hive.ql.Driver.run(java.lang.String,boolean)
         org.apache.hadoop.hive.ql.Driver.runInternal(java.lang.String,boolean)
         org.apache.hadoop.hive.ql.Driver.compileInternal(java.lang.String)
         org.apache.hadoop.hive.ql.Driver.compile(java.lang.String)
         org.apache.hadoop.hive.ql.Driver.compile(java.lang.String,boolean)
         org.apache.hadoop.hive.ql.parse.ParseDriver.parse(java.lang.String,org.apache.hadoop.hive.ql.Context) [buggy method]
   
     * *Update suggestion:* version 3.1.2. 3.1.2 is a safe version without CVEs. From 2.1.0 to 3.1.2, 2 of the APIs (called 2 times in your project) were removed, 3 APIs (called 3 times in your project) were modified.
   
   Imported from Jira [BEAM-9428](https://issues.apache.org/jira/browse/BEAM-9428). Original Jira may contain additional context.
   Reported by: XuCY.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscribe@beam.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [beam] github-actions[bot] closed issue #19991: CVEs in the dependencies of hive-exec for HiveIO

Posted by GitBox <gi...@apache.org>.
github-actions[bot] closed issue #19991: CVEs in the dependencies of hive-exec for HiveIO
URL: https://github.com/apache/beam/issues/19991




[GitHub] [beam] Abacn commented on issue #19991: CVEs in the dependencies of hive-exec for HiveIO

Posted by GitBox <gi...@apache.org>.
Abacn commented on issue #19991:
URL: https://github.com/apache/beam/issues/19991#issuecomment-1158938442

   upgraded to 3.1.3.
   
   .close-issue

