You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@beam.apache.org by "bala barath (Jira)" <ji...@apache.org> on 2022/04/01 08:07:00 UTC
[jira] [Created] (BEAM-14227) CVE-2022-22965 vulnerability found
bala barath created BEAM-14227:
----------------------------------
Summary: CVE-2022-22965 vulnerability found
Key: BEAM-14227
URL: https://issues.apache.org/jira/browse/BEAM-14227
Project: Beam
Issue Type: Bug
Components: io-java-kafka
Affects Versions: 2.37.0
Reporter: bala barath
The beam sdk java io kafka uses
{code:java}
org.springframework:spring-expression:4.3.18.RELEASE{code}
which has a transitive dependency of
{code:java}
org.springframework:spring-core:4.3.18.RELEASE{code}
which is affected by the CVE-2022-22965 vulnerability.
References
https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE
--
This message was sent by Atlassian Jira
(v8.20.1#820001)