[
https://issues.apache.org/jira/browse/HADOOP-18069?focusedWorklogId=761356&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-761356
]
ASF GitHub Bot logged work on HADOOP-18069:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 23/Apr/22 23:23
Start Date: 23/Apr/22 23:23
Worklog Time Spent: 10m
Work Description: ashutoshcipher opened a new pull request, #4229:
URL: https://github.com/apache/hadoop/pull/4229
Raising PR to check `okhttp` upgrade possibility to 4.9.3
JIRA: HADOOP-18069
Issue Time Tracking
-------------------
Worklog Id: (was: 761356)
Remaining Estimate: 0h
Time Spent: 10m
> CVE-2021-0341 in [email protected] detected in hdfs-client
> -------------------------------------------------------
>
> Key: HADOOP-18069
> URL: https://issues.apache.org/jira/browse/HADOOP-18069
> Project: Hadoop Common
> Issue Type: Bug
> Components: hdfs-client
> Affects Versions: 3.3.1
> Reporter: Eugene Shinn (Truveta)
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Our static vulnerability scanner (Fortify On Demand) detected [NVD -
> CVE-2021-0341
> (nist.gov)|https://nvd.nist.gov/vuln/detail/CVE-2021-0341#VulnChangeHistorySection]
> in our application. We traced the vulnerability to a transitive dependency
> coming from hadoop-hdfs-client, which depends on [email protected]
> ([hadoop/pom.xml at trunk · apache/hadoop
> (github.com)|https://github.com/apache/hadoop/blob/trunk/hadoop-project/pom.xml#L137]).
> To resolve this issue, okhttp should be upgraded to 4.9.2+ (ref:
> [CVE-2021-0341 · Issue #6724 · square/okhttp
> (github.com)|https://github.com/square/okhttp/issues/6724]).
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
