[ https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
lijunbin updated DERBY-7135: ---------------------------- Attachment: (was: Snipaste_2022-03-22_00-51-12.png) > Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability? > -------------------------------------------------------------- > > Key: DERBY-7135 > URL: https://issues.apache.org/jira/browse/DERBY-7135 > Project: Derby > Issue Type: Bug > Affects Versions: 10.14.2.0 > Reporter: lijunbin > Priority: Blocker > Attachments: Snipaste_2022-03-22_00-43-37.png > > > Use a security tool to scan the derby 10.14.2.0 installation package. *The > result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* > The vulnerability is related to Hive and Thrift, but no reference is found > in the derby 10.14.2.0 source code. > *Is it a false positive? Which of the following application scenarios will be > affected if the vulnerability is involved?* > For details about the scanning result, see the attachment. > Vulnerability Details: > [https://nvd.nist.gov/vuln/detail/CVE-2020-13949] -- This message was sent by Atlassian Jira (v8.20.1#820001)