Derek Lohnes created DRILL-7679:
-----------------------------------
Summary: Vulnerabilities in dependency
htrace-core4-4.1.0-incubating.jar (shaded:
com.fasterxml.jackson.core:jackson-databind:2.4.0)�
Key: DRILL-7679
URL: https://issues.apache.org/jira/browse/DRILL-7679
Project: Apache Drill
Issue Type: Bug
Affects Versions: 1.17.0
Reporter: Derek Lohnes
[|https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]
Vulnerabilities in dependency htrace-core4-4.1.0-incubating.jar (shaded:
com.fasterxml.jackson.core:jackson-databind:2.4.0)
Max CVSS Score: 9.8 (Critical)
Total # CVEs: 20
Note: The issue with htrace is its use of Jackson Databind.
[https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.4.0]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
