You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@beam.apache.org by "bala barath (Jira)" <ji...@apache.org> on 2022/04/01 08:07:00 UTC

[jira] [Created] (BEAM-14227) CVE-2022-22965 vulnerability found

bala barath created BEAM-14227:
----------------------------------

             Summary: CVE-2022-22965 vulnerability found
                 Key: BEAM-14227
                 URL: https://issues.apache.org/jira/browse/BEAM-14227
             Project: Beam
          Issue Type: Bug
          Components: io-java-kafka
    Affects Versions: 2.37.0
            Reporter: bala barath


The beam sdk java io kafka uses 

 
{code:java}
org.springframework:spring-expression:4.3.18.RELEASE{code}
 

which has a transitive dependency of 

 
{code:java}
org.springframework:spring-core:4.3.18.RELEASE{code}
 

which is affected by the CVE-2022-22965 vulnerability.

 

References

https://mvnrepository.com/artifact/org.springframework/spring-expression/4.3.18.RELEASE



--
This message was sent by Atlassian Jira
(v8.20.1#820001)