c0bw3b commented on PR #390: URL: https://github.com/apache/flume/pull/390#issuecomment-1310042269
Just to dive a bit deeper: is CVE-2022-42889 even _exploitable_ in current releases? I'm not familiar with commons-text but it seems to me that you are not using default interpolators in: https://github.com/apache/flume/blob/flume-1.10.1/flume-ng-node/src/main/java/org/apache/flume/node/MapResolver.java#L62-L63 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@flume.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
