github-actions[bot] commented on issue #8212: URL: https://github.com/apache/dolphinscheduler/issues/8212#issuecomment-1022812486
Boss, I have noticed that your project calls 305 open source components such as org.apache.hadoop:[email protected], and there are 23 security vulnerabilities. It is recommended that you upgrade.

````
Vulnerability Title: Apache Hadoop YARN NodeManager Security Vulnerability
Vulnerability ID: CVE-2017-15718
Vulnerability description: Apache Hadoop is a set of open source distributed system infrastructure of the Apache Software Foundation of the United States. It can perform distributed processing on a large amount of data, and has the characteristics of high reliability, high scalability, and high fault tolerance. YARN NodeManager is one of the YARN node managers. A security vulnerability exists in the YARN NodeManager in Apache Hadoop versions 2.7.3 and 2.7.4. An attacker could exploit this vulnerability to access encrypted passwords.
National vulnerability database information: https://www.cnvd.org.cn/flaw/show/CNVD-2018-03249
Vulnerability Level: Critical
Scope of influence: [2.7.3, 2.7.5)
Min fix version: 2.7.5
Import path: org.apache.dolphinscheduler:dolphinscheduler:2.0.0-SNAPSHOT->org.apache.dolphinscheduler:[email protected]>org.apache.dolphinscheduler:[email protected] >org.apache.dolphinscheduler:[email protected]>org.apache.hadoop:[email protected]
````

Another 22 vulnerabilities, if you want to view the detailed report, retest or continuously monitor your project, click here https://www.mfsec.cn/jr?p=k1106e

If your project does not care about this security issue, you can ignore it.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
