[
https://issues.apache.org/jira/browse/HADOOP-17885?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17411279#comment-17411279
]
Ahmed Hussein commented on HADOOP-17885:
----------------------------------------
Thank you [~jeagles]!
> Upgrade JSON smart to 1.3.3 on branch-2.10
> ------------------------------------------
>
> Key: HADOOP-17885
> URL: https://issues.apache.org/jira/browse/HADOOP-17885
> Project: Hadoop Common
> Issue Type: Bug
> Affects Versions: 2.10.0, 2.10.1
> Reporter: Ahmed Hussein
> Assignee: Ahmed Hussein
> Priority: Major
> Labels: pull-request-available
> Fix For: 2.10.2
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Currently branch-2.10 is using JSON Smart 1.3.1 version which is vulnerable
> to [link CVE-2021-27568|https://nvd.nist.gov/vuln/detail/CVE-2021-27568].
> We can upgrade the version to 1.3.1.
> +Description of the vulnerability:+
> {quote}An issue was discovered in netplex json-smart-v1 through 2015-10-23
> and json-smart-v2 through 2.4. An exception is thrown from a function, but it
> is not caught, as demonstrated by NumberFormatException. When it is not
> caught, it may cause programs using the library to crash or expose sensitive
> information.{quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
