[ https://issues.apache.org/jira/browse/DERBY-7135?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

lijunbin updated DERBY-7135:
----------------------------
    Attachment:     (was: Snipaste_2022-03-22_00-51-12.png)

> Does derby 10.14.2.0 contain the CVE-2020-13949 vulnerability?
> --------------------------------------------------------------
>
>                 Key: DERBY-7135
>                 URL: https://issues.apache.org/jira/browse/DERBY-7135
>             Project: Derby
>          Issue Type: Bug
>    Affects Versions: 10.14.2.0
>            Reporter: lijunbin
>            Priority: Blocker
>         Attachments: Snipaste_2022-03-22_00-43-37.png
>
>
> Use a security tool to scan the derby 10.14.2.0 installation package. *The 
> result shows that derbynet.jar contains the CVE-2020-13949 vulnerability.* 
> The vulnerability is related to Hive and Thrift, but no reference is found 
> in the derby 10.14.2.0 source code.
> *Is it a false positive? Which of the following application scenarios will be 
> affected if the vulnerability is involved?*
> For details about the scanning result, see the attachment.
> Vulnerability Details:
> [https://nvd.nist.gov/vuln/detail/CVE-2020-13949]



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
