Posted to issues@systemml.apache.org by "Sebastian Baunsgaard (Jira)" <ji...@apache.org> on 2020/06/10 08:52:00 UTC

[jira] [Commented] (SYSTEMML-2536) Found CVEs in your dependencies

    [ https://issues.apache.org/jira/browse/SYSTEMML-2536?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17130423#comment-17130423 ] 

Sebastian Baunsgaard commented on SYSTEMML-2536:
------------------------------------------------

Hi XuCongying,

 

We now have a PR (https://github.com/apache/systemml/pull/973) for this on the repository. It will probably not go through right now, since updating the Hadoop dependency requires more than just updating the version.

But thanks for the heads up!

 

> Found CVEs in your dependencies
> -------------------------------
>
>                 Key: SYSTEMML-2536
>                 URL: https://issues.apache.org/jira/browse/SYSTEMML-2536
>             Project: SystemDS
>          Issue Type: Dependency upgrade
>            Reporter: XuCongying
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Hi, I have noticed that some library CVEs may be related to your projects. I suggest a library update to avoid potential risks. See below for details:
>  Vulnerable Library Version: com.typesafe.akka : akka-http_2.11 : 10.1.3
>   CVE ID: [CVE-2018-16131](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16131)
>   Import Path: pom.xml
>   Suggested Safe Versions: 10.1.10, 10.1.11, 10.1.5, 10.1.6, 10.1.7, 10.1.8, 10.1.9
>  Vulnerable Library Version: commons-collections : commons-collections : 3.2.1
>   CVE ID: [CVE-2015-6420](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6420)
>   Import Path: pom.xml
>   Suggested Safe Versions: 20030418.083655, 20031027.000000, 20040102.233541, 20040616, 3.2.2
>  Vulnerable Library Version: org.apache.hadoop : hadoop-common : 2.7.7
>   CVE ID: [CVE-2018-8029](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8029), [CVE-2018-8009](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8009)
>   Import Path: pom.xml
>   Suggested Safe Versions: 3.1.1, 3.1.2, 3.1.3, 3.2.0, 3.2.1
>  Vulnerable Library Version: org.apache.hadoop : hadoop-hdfs : 2.7.7
>   CVE ID: [CVE-2018-11768](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11768)
>   Import Path: pom.xml
>   Suggested Safe Versions: 2.10.0, 2.8.5, 2.9.2, 3.1.2, 3.1.3, 3.2.0, 3.2.1


